Footprinting is the science of gathering information on a target’s network system. It gives the attacker access to certain kinds of sensitive information, which in essence narrows down the area of attack. Footprinting, if pulled off correctly, can cause huge financial losses for the target organization. Footprinting allows the attackers -
For the hacker, the aim of footprinting is to collect system information (routing tables, passwords, system names, etc.), organization information (employee information, website information, location information and so on) and network information (domain name, VPN points, authentication means and so on).
There are a couple of methods that hackers use to get sensitive data from organizations. These methods, in conjunction with other tools, support social engineering manipulations, which ultimately lead to attacks and hacking. These methods are -
Attackers get information such as login pages, employees’ information, internet portals and others from search engines. Attackers still have access to sensitive information that has been taken off the internet, through internet archives or search engine caches. Websites like netcraft.com allow attackers to gain access to their target organization's restricted websites.
Google hacking methods involve using advanced and intricate queries to gain sensitive information from the targets, discover vulnerable targets, and use Google search to uncover specific strings of text. This method allows attackers to discover sites connected to the company’s website, extract information on customers, business partners and vendors, and make the gathered information concise. Several operators (e.g. [allintitle:], [link:], [cache:], etc.) and filters can be used in Google to search for personal info.
Employees post information about their personal lives, as well as information regarding their companies. For instance, employees use social media to reveal things like new clients, fresh deals, company news and business partners. Attackers open new pages, track these employees and try to gain more information.
Attackers track organizations' websites to discover various sensitive information to be used for the main attack. Hackers gather details like admin contact information, the scripting platform used, the version of the OS used, the software used by the organization and the file system structure, for use during intrusion. Web spiders are used to gather information on the employees, which is used in an advanced method of social engineering and footprinting to gain more information. Hackers often use the Shodan tool to determine the OS. Shodan is the world's first search engine for Internet-connected devices.
This process involves intercepting emails, getting information from the email headers and using email tracking devices, all of which help the attacker gather sensitive information. A lot of information can be obtained from the mail header alone.
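An outbound-mail audit for the header exposure described above, as an added example that is not part of the original article: it parses a constructed message and lists the headers that disclose internal hostnames, RFC 1918 addresses and client software, which a mail gateway can then be configured to strip. The `.local`/`.lan`/`.internal` suffix list and all sample values are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not real traffic); every hostname and address is made up.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [203.0.113.10])
\tby mx.recipient.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from WS-FINANCE-07.corp.example.local (unknown [10.20.30.41])
\tby mail.example.com with ESMTP id def456; Mon, 1 Jan 2024 10:00:01 +0000
X-Mailer: ExampleMail 9.1 (Windows 10)
X-Originating-IP: [192.168.4.17]
From: alice@example.com
Subject: Quarterly numbers

"""

# Explicit RFC 1918 ranges; ipaddress.is_private would also flag documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed internal-only DNS suffixes; adjust to your own naming scheme.
INTERNAL_HOST_RE = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:local|lan|internal)\b", re.I)

def internal_ips(text):
    """Return RFC 1918 addresses found in text, skipping invalid dotted quads."""
    found = []
    for candidate in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue
        if any(ip in net for net in RFC1918):
            found.append(candidate)
    return found

def audit_headers(raw):
    """List (header, kind, value) findings that expose internal details."""
    findings = []
    for name, value in message_from_string(raw).items():
        value = " ".join(value.split())  # unfold continuation lines
        if name.lower() in ("received", "x-originating-ip"):
            findings += [(name, "internal-ip", ip) for ip in internal_ips(value)]
            findings += [(name, "internal-host", h) for h in INTERNAL_HOST_RE.findall(value)]
        elif name.lower() in ("x-mailer", "user-agent"):
            findings.append((name, "client-software", value))
    return findings

if __name__ == "__main__":
    print(*audit_headers(SAMPLE), sep="\n")
```

Only the first hop inside the organization and the client headers are flagged here; the public relay hop is left alone because its address is visible to the recipient's server anyway.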
This is a subtle method of gathering information from target organizations. This is done using internet resources such as websites, employment advertisements, search engines, client interviews, social interaction with employees, patents, newsletters from organizations and analyst reports. The EDGAR database, Hoovers, LexisNexis, etc. are some sites from which a hacker can get lots of info. Company plans can also be retrieved from several sites, such as Experian, SEC Info, etc.
The WHOIS database is managed by regulatory agencies and holds sensitive information on domain owners, such as the contact details of the domain owner, domain name, servers, domain creation date and NetRange. Attackers gain information through these means for the sole purpose of advancing to the social engineering stage. LanWhoIs, CallerIP, WhoIs Analyzer Pro, Domain Dossier, etc. are some tools used for WHOIS lookup.
Attackers get information through DNS for social engineering attacks, because the DNS has pertinent information on location and server type; hence target hosts can be discovered with this method. Domain Dossier, DNS lookup, DNS watch, etc. are some tools that can be used for DNS information.
Social engineering involves manipulating social interactions with a human element, for the purpose of gaining delicate information. This works because most people are unaware they hold sensitive information, and as such are very lax about keeping it safe. Social engineering can be done through fake profiles on social media platforms, dumpster diving, snooping in on interactions, and shoulder surfing. Attackers gain information like operating systems, credit card details, and software versions. Hackers sometimes use AnyWho.com, ussearch.com, intelius.com, 411.com, privateeye.com, peoplefinders.com, etc. to search for personal information.
Recon-ng is a structural powerhouse, fitted with the necessary tools to allow the user to carry out open source reconnaissance.
FOCA is used to find metadata and sensitive information that has been hidden. A lot of work can be done using this application, from DNS snooping to metadata extraction, fingerprinting, analyzing networks, and searching open directories.
A lot of other tools can be used to gather information on a target organization, for instance robtex, TinEye, binging, searchbug, DNS-digger, GeoTrace, and many others.
Footprinting, if done right, can cause a lot of financial damage to the target organization. It is therefore necessary to put structures, policies and regulations in place to counter the attacks from malicious individuals. Some policies that will ensure safety in the long run are -
Footprinting is done by an organization for the purpose of protecting its information, preventing leakage to attackers, eliminating the possibility of a successful DNS snooping attempt, and countering social engineering methods. Footprinting pen testing can be done in a number of steps, the first of which is to gain legal authorization from the administrative personnel. The remaining steps involved are -
Published with the express permission of the author.