n Define active and passive footprinting n Identify methods and procedures in information gathering Chapter #2:

Transcription

1 Outline n Define active and passive footprinting n Identify methods and procedures in information gathering Chapter #2: n Understand the use of social networking, search engines, and Google hacking in information gathering Information Gathering for the Ethical Hacker n Understand the use of whois, AR, and nslookup in information gathering n Describe the DNS record types 2 Phases of Hacking Footprinting n ECC describes four main focuses and benefits of footprinting for the ethical hacker: 1 Know the security posture (footprinting helps make this clear) 2 Reduce the focus area (network range, number of targets, and so on) 3 Identify vulnerabilities (self-explanatory) 4 Draw a network map 3 Essential Knowledge 4 1

2 Examples of Resources Passive Footprinting n Search engines n Gathering of competitive intelligence n Publicly facing web sites n Using search engines n DNS records n Perusing social media sites n Domain registration info n Participating in the ever-popular dumpster dive n Gaining network ranges n Raiding DNS for information 5 6 Passive Footprinting n Active Footprinting General business info n Social engineering n EDGAR Database (wwwsecgov/edgarshtml) n Robin Sage n Hoovers (wwwhooverscom) n LexisNexis (wwwlexisnexiscom) n Search engines n Business Wire (wwwbusinesswirecom) n Company plans and financials, the following list provides some great resources: n Google hacking n SEC Info (wwwsecinfocom) n Database with options * BS n Experian (wwwexperiancom) n Market Watch (wwwmarketwatchcom) n SiteDigger (wwwmcafeecom) - uses Google hack searches n Wall Street Monitor (wwwtwstcom) n MetaGoofil (wwwedge-securitycom) n Euromonitor (wwweuromonitorcom) n Fun lmgtfycom 7 8 2

3 Web Site Footprinting n Mirroring n mailtrackingcom Received: from MWHPR03MB3102namprd03prodoutlookcom ( ) by Received: from mail01messagesblackhatcom ( ) by CO1NAM04FT034mailprotectionoutlookcom ( ) with Microsoft SMTP CY4PR03MB3096namprd03prodoutlookcom with HTTPS via Server (version=tls1_0, id MWHPR1301CA0012NAMPRD13PRODOUTLOOKCOM; Thu, cipher=tls_rsa_with_aes_256_cbc_sha) 31 Aug :00: via Frontend Transport; Thu, 31 Aug :00: Received: from BN6PR03CA0009namprd03prodoutlookcom ( ) by Return-Path: bouncebackmessages1blackhatcom MWHPR03MB3102namprd03prodoutlookcom ( ) with Microsoft SMTP Server (version=tls1_2, cipher=tls_ecdhe_rsa_with_aes_256_cbc_sha384_p256) id DKIM-Signature: v=1; a=rsa-sha256; d=messages1blackhatcom; s=dk2016; c=relaxed/relaxed; ; Thu, 31 Aug :00: q=dns/txt; i=messages1blackhatcom; t= ; h=from:subject:date:to:mime-version:content-type; Received: from CO1NAM04FT034eop-NAM04prodprotectionoutlookcom bh=ckjda510ltji+pbak019bkcgwtcv3t8mlsp1jqbdopi=; (2a01:111:f400:7e4d::203) by BN6PR03CA0009outlookoffice365com b=qeryecb3hkvx6sdbwhv0jra4papemc1n8gw3sgswtlyko8/huufm7cgv6pd68ivw (2603:10b6:404:23::19) with Microsoft SMTP Server (version=tls1_2, cipher=tls_ecdhe_rsa_with_aes_256_cbc_sha384_p256) id via frgth/vmxjn/ygi2imo2/dbsezghpy4cx5apxkzzo/tqf/km64/rryuuvev99stz Frontend Transport; Thu, 31 Aug :00:53 imibrfuqa7gscnw/sr/rhxycx1vkj4rtgcbvgpiavwo=; Received: from [ ] ([ :57550] helo=g04snj010) Authentication-Results: spf=pass (sender IP is ) mailfrom=messages1blackhatcom; msudenveredu; dkim=pass (signature was<bouncebackmessages1blackhatcom>) by msm-mta03-dc6 (envelope-from (ecelerity r(core:3690)) with ESMTP verified) headerd=messages1blackhatcom;msudenveredu; dmarc=pass id AC/8D D7A95; Thu, 31 Aug :00: action=none headerfrom=messages1blackhatcom; Message-ID: <424ae7eb23894ad3953a5277dca > Received-SPF: Pass (protectionoutlookcom: domain of messages1blackhatcom X-Binding: designates as permitted sender) receiver=protectionoutlookcom; client-ip= ; X-elqSiteID: X-elqPod: 0x42929D304091F2FE066CF35EC31ADF5FBC4AF91DBF6F3D6F9D91109E00869E13 helo=mail01messagesblackhatcom; X-cid: /08/31 09:00:51 MIME-Version: 10 From: "Black Hat Europe 2017" <BlackHatmessages1blackhatcom> To: fustosmsudenveredu Reply-To: Black Hat <blackhatmessagesubmcom> Date: 31 Aug :00: n HTTrack (wwwhttrackcom) n Black Widow ( n WebRipper (wwwcalluna-softwarecom) n Teleport Pro (wwwtenmaxcom) n GNU Wget (wwwgnuorg) n Backstreet Browser ( n Wayback Machine ( - history n Website Watcher ( - changes 9 10 DNS 11 DNS Record Types 12 3

4 DNS Records SOA Registrars ns1anynet hostmasteranynet ( ; Serial ; Refresh ; Retry ; Expire ) ; Minimum NS ns1anynet NS ns2anynet MX 50 1anynet MX 100 2anynet A A www ftp mail pop pop nslookup Network Footprinting n nslookup msudenveredu n arinnet n nslookup n tracert / traceroute (ICMP ECHO packages Linux UDP) n nslookup type=ns msudenveredu n nslookup type=mx msudenveredu n Many-many tools n nslookup type=soa msudenveredu n interactive: nslookup >set all n dig ns2msudenveredu msudenveredu soa (all)

5 Other Tools n Maltego There is no 100 percent secure system, n HW and there is nothing that is foolproof! n How does it work, what are the settings, configuration options? Stay Alert! 17 5