Information Gathering:- Information Gathering can be divided into seven logical steps
1. collecting initial Information (Footprinting)
2. Determination of Network Range
3. Scoping out Active Machines
4. Identifying Active Ports or Access Points
5. Operating System Fingerprinting
6. Service Fingerprinting
7. Network Mapping
Footprinting: Footprinting is defined as the process of creating a blueprint or map of an organization’s
network and systems. Because this map is the product of the information-gathering phase, information gathering is also known as footprinting an organization. Footprinting is divided into two types:
1. Active Footprinting
2. Passive Footprinting
Active footprinting involves direct interaction with the target, so it can be noticed and logged by the target. Examples of active footprinting are socially engineering a client or employee into giving out confidential or privileged information, or visiting the target company’s premises to collect information about its network.
Passive footprinting involves no direct contact with the target’s systems or staff; the information is taken from sources that are already public. Examples are simply studying the target’s website, newspaper articles, or public registries such as WHOIS.
The information the hacker is looking for during the Footprinting phase is anything that
gives clues as to the network architecture, server, and application types where valuable data
is stored. Before an attack or exploit can be launched, the operating system and version as
well as application types must be uncovered so the most effective attack can be launched
against the target. Here are some of the pieces of information to be gathered about a target
during Footprinting:
1. Domain name
2. Network blocks
3. Network services and applications
4. System architecture
5. Intrusion detection system
6. Authentication mechanisms
7. Specific IP addresses
8. Access control mechanisms
9. Phone numbers
10. Contact addresses
Once this information is compiled, it can give a hacker better insight into the organization,
where valuable information is stored, and how it can be accessed.
Information Gathering Tools:
1. Using Whois:
To use the Whois tool to gather information on the registrant and registrar of a domain name:
1. Go to the who.is website.
2. Enter your target company’s domain name in the WHOIS Lookup field and click the WHOIS button.
3. Examine the results and determine the following:
Registered address
Technical and DNS contacts
Contact email
Contact phone number
Expiration date
Note that many registries and registrars now redact the registrant’s name, address, email and phone number for privacy (the fields read REDACTED FOR PRIVACY or similar); the registrar, the name servers and the creation and expiry dates are still shown, so the record remains useful even when the contacts are hidden.
4. Visit the company website and see if the contact information from WHOIS matches
up to any contact names, addresses, and email addresses listed on the website.
5. If so, use Google to search on the employee names or email addresses. You can learn
the email naming convention used by the organization, and whether there is any
information that should not be publicly available.
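The lookup itself is done on the who.is site, but the record it returns is plain "Key: Value" text, and steps 3 and 5 above are easy to automate. The following Python script is an added example written for these notes, not a tool from the original text: it pulls the contact, expiry and name-server fields out of a WHOIS record, flags fields hidden by privacy redaction, and infers the e-mail naming convention from a handful of employee addresses. The WHOIS record and the employee list are constructed; example.com is a reserved domain and every person in it is fictitious.

```python
"""Parse a WHOIS record and infer an organisation's e-mail naming convention.

Added example for these notes. The WHOIS text and employee list below are
constructed: example.com is a reserved name and every person is fictitious.
"""
from collections import Counter

# Constructed WHOIS response in the usual "Key: Value" line format.
WHOIS_TEXT = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2026-08-13T04:00:00Z
Registrant Organization: Example Corp
Registrant Street: 1 Example Way
Registrant City: Springfield
Registrant Country: US
Registrant Email: REDACTED FOR PRIVACY
Tech Name: Jane Doe
Tech Email: jane.doe@example.com
Tech Phone: +1.5555550100
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
"""

# Constructed (name, address) pairs of the kind collected in step 5.
EMPLOYEES = [
    ("Jane Doe", "jane.doe@example.com"),
    ("John Smith", "john.smith@example.com"),
    ("Ana Lopez", "ana.lopez@example.com"),
    ("Li Wei", "lwei@example.com"),       # the odd one out
]

# Step 3: registered address, technical/DNS contacts, e-mail, phone, expiry.
FIELDS_OF_INTEREST = ("Registrant Organization", "Registrant Street",
                      "Registrant City", "Registrant Country", "Registrant Email",
                      "Tech Name", "Tech Email", "Tech Phone",
                      "Registry Expiry Date", "Name Server")
# Strings registrars use when privacy rules hide a contact field.
REDACTED_MARKERS = ("REDACTED", "DATA PROTECTED", "NOT DISCLOSED")


def parse_whois(text):
    """Return {key: [values]} for every 'Key: Value' line; keys may repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue                      # comment, blank line or empty value
        record.setdefault(key.strip(), []).append(value.strip())
    return record


def extract_contacts(record):
    """Pick out FIELDS_OF_INTEREST; None marks a value hidden by redaction."""
    found = {}
    for field in FIELDS_OF_INTEREST:
        values = record.get(field)
        if not values:
            continue                      # this registry does not publish it
        if any(marker in values[0].upper() for marker in REDACTED_MARKERS):
            found[field] = None
        else:
            found[field] = values if len(values) > 1 else values[0]
    return found


def infer_email_convention(pairs):
    """Return (pattern, hits) for the username pattern matching most pairs;
    each candidate pattern is a function of (first name, last name)."""
    patterns = {
        "first.last": lambda fn, ln: f"{fn}.{ln}",
        "flast": lambda fn, ln: f"{fn[0]}{ln}",
        "firstl": lambda fn, ln: f"{fn}{ln[0]}",
        "first": lambda fn, ln: fn,
        "last.first": lambda fn, ln: f"{ln}.{fn}",
    }
    hits = Counter()
    for full_name, email in pairs:
        parts = full_name.lower().split()
        if len(parts) < 2:
            continue                      # single name: cannot test patterns
        first, last = parts[0], parts[-1]
        local_part = email.lower().split("@", 1)[0]
        for label, make in patterns.items():
            if make(first, last) == local_part:
                hits[label] += 1
    return hits.most_common(1)[0] if hits else (None, 0)


if __name__ == "__main__":
    contacts = extract_contacts(parse_whois(WHOIS_TEXT))
    for field, value in contacts.items():
        print(f"{field:24} {'<redacted>' if value is None else value}")
    pattern, hits = infer_email_convention(EMPLOYEES)
    print(f"e-mail convention: {pattern} ({hits} of {len(EMPLOYEES)} match)")
```

Run it as a script to see the parsed fields and the inferred convention; on an engagement, replace WHOIS_TEXT with the output saved from the lookup. Once the convention is known (first.last in the constructed data), every employee name found on the company website or through Google becomes a probable e-mail address for the later phases.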
2. Using Traceroute in Footprinting
Traceroute is a path-discovery tool that is available for most operating systems. It works by
sending a series of probe packets towards the destination with an increasing time to live (TTL):
first TTL 1, then TTL 2, and so on. Each router along the path decrements the TTL by one; the
router at which the TTL reaches zero discards the probe and returns an Internet Control Message
Protocol (ICMP) Time Exceeded message, which reveals that router's address. When a probe finally
reaches the destination host, the host itself answers (Windows tracert sends ICMP echo requests
and receives an echo reply; Unix-like traceroute sends UDP probes by default and receives an
ICMP Port Unreachable). This allows a hacker to determine how many hops each router is from the
sender and which addresses the route passes through.
One problem with using the traceroute tool is that it times out (shown as an asterisk for each
unanswered probe) when it encounters a firewall or a packet-filtering router that drops the probes
or does not send ICMP Time Exceeded messages back. Although such a device stops the traceroute
tool from discovering the internal hosts behind it, the run of asterisks itself can alert an ethical hacker to
the presence of a firewall; then, techniques for bypassing the firewall can be used (for example, probing with
TCP to a port the firewall is known to allow). Note that a router that rate-limits ICMP produces the same
asterisks, so a second run or a different probe type is needed before concluding that a firewall is present.
Notice in the figure that the trace first passes through the outbound ISP's routers to reach the
Yahoo! web server, and that the server’s IP address is revealed as 98.138.253.109. Knowing
this IP address enables the ethical hacker to perform additional scanning on that host during
the scanning phase of the attack. The tracert command identifies the routers located en route to the destination’s network. Because ISPs commonly name their routers after their physical location (city or airport codes embedded in the reverse-DNS name), tracert results help you work out where these devices are.
Hacking Tools for Footprinting:
1. Domain name lookup
2. Whois (for example, who.is)
3. nslookup
4. Sam Spade
5. Traceroute
6. NeoTrace
7. Visual lookup