footprinting-reconnainssance

Before reading this article Read Reconnaissance part 1

5. Footprinting through Websites

Website Footprinting includes monitoring and investigating about the target organization’s official website for gaining information such as Software running, versions of these software’s, operating systems, Sub-directories, database, scripting information, and other details.

Software such as Burp Suite, Zaproxy, Website Informer, Firebug, and others. These tools can bring information like connection type and status and last modification information. By getting these type of information, an attacker can examine source code, developer’s details, file system structure and scripting.

Also using online services like www.netcraft.com and www.shodan.io the hackers get enough informations like operationg system info, IP address of the target,..

6. Footprinting through WHOIS

“WHOIS Lookup” helps to gain information regarding domain name, ownership information. IP Address, Netblock data, Domain Name Servers and other information’s. Regional Internet Registries (RIR) maintain WHOIS database. WHOIS lookup helps to find out who is behind the target domain name.

7. Footprinting through DNS Footprinting through Network

DNS lookup information is helpful to identify a host within a targeted network. There are several tools available on internet which perform DNS lookup. Before proceeding to the DNS lookup tools and the result overview of these DNS tools, you must know DNS record type symbols and there mean: –

Record Type

Description

A

The host’s IP address

MX

Domain’s Mail Server

NS

Host Name Server

CNAME

Canonical naming allows aliases to a host

SDA

Indicate authority for the domain

SRV

Service records

PTR

IP-Host Mapping

RP

Responsible Person

HINFO

Host Information

TXT

Unstructured Records

Online services like www.dnsstuff.com and www.network-tools.com can be used to analyse DNS details of a domain.

8. Footprinting through Social Engineering

In footprinting, the one of the easiest component to hack is human being itself. We can collect information from a human quite easily than fetching information from systems. Using Social Engineering, some basic social engineering techniques are: –

  1. Eavesdropping
  2. Shoulder Surfing
  3. Dumpster Diving
  4. Impersonation

Social Engineering
You can understand the social engineering as an art of extracting sensitive information from peoples. Social Engineers keep themselves undetected, people are unaware and careless and share their valuable information. This information is related to the type of social engineering. In Information Security aspects, Footprinting through Social engineering gathers information such as: –

  1. Credit card information. Username & Passwords.
  2. Security devices & Technology information.
  3. Operating System information.
  4. Software information. Network information.
  5. IP address & name server’s information.

Eavesdropping
Eavesdropping is a type of Social Engineering footprinting in which the Social Engineer is gathers information by listening to the conversation covertly. Listening conversations includes listening, reading or accessing any source of information without being notified.
Phishing
In the Phishing process, Emails sent to a targeted group contains email message body which looks legitimate. The recipient clicks the link mentioned in the email assuming it as a legitimate link. Once the reader clicks the link, enticed for providing information. It redirects users to the fake webpage that looks like an official website. For example, Recipient is redirected to a fake bank webpage, asking for sensitive information. Similarly, the redirected link may download any malicious script onto the recipient’s system to fetch information.

Shoulder Surfing
Shoulder Surfing is another method of gathering information by standing behind a target when he is interacting with sensitive information. By Shoulder surfing, passwords, account numbers, or other secret information can be gathered depending upon the carelessness of the target.

Dumpster Diving
Dumpster Diving is the process of looking for treasure in trash. This technique is older but still effective. It includes accessing the target’s trash such as printer trash, user desk, company’s trash for finding phone bills, contact information’s, financial information, source codes, and other helpful material.

 

Reconnaissance Part 2

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *