Hacking Module 02
8/9/2019 http://slidepdf.com/reader/full/hacking-module-02 (28 pages)
Posted May 29, 2018

Transcript
Page 1: Hacking Module 02

NMCSP 2008 Batch-I

Module II

Footprinting

Page 2: Hacking Module 02

Scenario

Adam is furious. He had applied for the network engineer job at targetcompany.com and believes that he was rejected unfairly. He has a good track record, but the economic slowdown has seen many layoffs, including his. He is frustrated: he needs a job and he feels he has been wronged. Late in the evening he decides that he will prove his mettle.

What do you think Adam would do?

Where would he start and how would he go about it? Are there any tools that can help him in his effort?

Can he cause harm to targetcompany.com?

As a security professional, where can you lay checkpoints and how can you deploy countermeasures?

Page 3: Hacking Module 02

Module Objectives

Overview of the Reconnaissance Phase

Introducing Footprinting

Understanding the information gathering methodology of hackers

Comprehending the implications

Learning some of the tools used for the reconnaissance phase

Deploying countermeasures

Page 4: Hacking Module 02

Module Flow 

Reconnaissance

Information gathering

Defining Footprinting

Hacking Tools

Page 5: Hacking Module 02

Revisiting Reconnaissance

The attack cycle (figure on the slide):

Reconnaissance

Scanning

Gaining Access

Maintaining Access

Clearing Tracks

Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack.

It involves network scanning, either external or internal, without authorization.

Page 6: Hacking Module 02

Defining Footprinting

Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.

Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.

Footprinting results in a unique organization profile with respect to the networks (Internet/Intranet/Extranet/Wireless) and systems involved.

Page 7: Hacking Module 02

Information Gathering Methodology

Unearth initial information

Locate the network range

Ascertain active machines

Discover open ports/access points

Detect operating systems

Uncover services on ports

Map the network

Page 8: Hacking Module 02

Unearthing Initial Information

Commonly includes:

Domain name lookup

Locations

Contacts (Telephone/mail)

Information Sources:

Open source

Whois

Nslookup

Hacking Tool:

Sam Spade

Page 9: Hacking Module 02

Passive Information Gathering

To understand the current security status of a particular information system, organizations carry out a penetration test or apply other hacking techniques against it.

Passive information gathering is done by finding out the details that are freely available over the net, and by various other techniques, without directly coming into contact with the organization's servers. Because nothing is sent to the target, the target has no log entry from which to detect this phase.

Page 10: Hacking Module 02

Competitive Intelligence Gathering

Competitive Intelligence Gathering is the process of gathering information about a target from open resources such as the Internet.

Competitive intelligence gathering is non-interfering and subtle in nature; it does not touch the target's own systems.

Competitive Intelligence is both a product and a process.

Page 11: Hacking Module 02

Competitive Intelligence Gathering (contd.)

The various issues involved in Competitive Intelligence are:

Data Gathering

Data Analysis

Information Verification

Information Security

Cognitive Hacking (single source, multiple source)

Page 12: Hacking Module 02

Hacking Tools

Whois

Nslookup

ARIN

NeoTrace

VisualRoute Trace

SmartWhois

VisualLookout

eMailTrackerPro

Page 13: Hacking Module 02

Whois

Registrant:
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province, State, Pin, Country

   Domain Name: targetcompany.COM

   Domain servers in listed order:
      NS1.WEBHOST.COM   XXX.XXX.XXX.XXX
      NS2.WEBHOST.COM   XXX.XXX.XXX.XXX

   Administrative Contact:
      Surname, Name (SNIDNo-ORG)  [email protected]
      targetcompany (targetcompany-DOM)
      # Street Address
      City, Province, State, Pin, Country
      Telephone: XXXXX  Fax XXXXX

   Technical Contact:
      Surname, Name (SNIDNo-ORG)  [email protected]
      targetcompany (targetcompany-DOM)
      # Street Address
      City, Province, State, Pin, Country
      Telephone: XXXXX  Fax XXXXX
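A record like the one above is the raw material of the "unearth initial information" step. The script below is an added example, not part of the module and not code from any of the tools it names: it parses a whois record laid out like the slide's and pulls out what an attacker lists first (and what a defender should review for over-exposure): the domain, the name servers with their IPs, the contact e-mail IDs and phone numbers, and whether DNS is hosted by a third party. The record, the e-mail IDs, the phone numbers and the 192.0.2.x name-server addresses are constructed placeholders.

```python
import re

# Constructed whois record for this example, laid out like the slide's sample.
# Names, addresses, e-mail IDs and phone numbers are placeholders and the
# name-server IPs come from the 192.0.2.0/24 documentation range.
SAMPLE_WHOIS = """\
Registrant:
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province, State, Pin, Country

   Domain Name: TARGETCOMPANY.COM

   Domain servers in listed order:
      NS1.WEBHOST.COM   192.0.2.10
      NS2.WEBHOST.COM   192.0.2.11

   Administrative Contact:
      Surname, Name (SNIDNo-ORG)  admin@targetcompany.com
      targetcompany (targetcompany-DOM)
      # Street Address
      City, Province, State, Pin, Country
      Telephone: +1 555 0100  Fax +1 555 0101

   Technical Contact:
      Surname, Name (SNIDNo-ORG)  hostmaster@targetcompany.com
      targetcompany (targetcompany-DOM)
      Telephone: +1 555 0102  Fax +1 555 0103
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
NS_LINE = re.compile(r"^\s*(?P<host>[A-Za-z0-9.-]+)\s+(?P<ip>" + IPV4 + r")\s*$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE = re.compile(r"Telephone:\s*(?P<tel>.+?)\s+Fax\s+(?P<fax>\S.*?)\s*$", re.M)
DOMAIN = re.compile(r"Domain Name:\s*(?P<domain>\S+)", re.I)


def parse_whois(text):
    """Extract the footprinting-relevant fields from a registrar whois record:
    domain, name servers (host, IP), contact e-mail IDs and phone numbers."""
    record = {"domain": None, "name_servers": [], "emails": [], "phones": []}
    m = DOMAIN.search(text)
    if m:
        record["domain"] = m.group("domain").lower()

    # Name servers are the "HOST  IP" lines that follow
    # "Domain servers in listed order:" up to the next blank line.
    in_ns = False
    for line in text.splitlines():
        if line.strip().lower().startswith("domain servers in listed order"):
            in_ns = True
            continue
        if in_ns and not line.strip():
            in_ns = False
        elif in_ns:
            m = NS_LINE.match(line)
            if m:
                record["name_servers"].append((m.group("host").lower(), m.group("ip")))

    record["emails"] = sorted({e.lower() for e in EMAIL.findall(text)})
    record["phones"] = [(m.group("tel").strip(), m.group("fax").strip())
                        for m in PHONE.finditer(text)]
    return record


def dns_is_outsourced(record):
    """True when no listed name server sits under the registrant's own domain:
    DNS is hosted by a third party, which is a second organisation to footprint
    (and a second place where the zone can be mis-configured)."""
    suffix = "." + record["domain"]
    return all(not host.endswith(suffix) for host, _ in record["name_servers"])


def contact_domains(record):
    """Mail domains seen in the contacts; the local-part pattern of these
    addresses is what an attacker uses to guess further mailboxes."""
    return sorted({e.split("@", 1)[1] for e in record["emails"]})


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    print("domain:        ", rec["domain"])
    print("name servers:  ", rec["name_servers"])
    print("e-mail IDs:    ", rec["emails"])
    print("phones:        ", rec["phones"])
    print("DNS outsourced:", dns_is_outsourced(rec))
```

Registrars differ in layout, so the regular expressions are written for the slide's format and would need adjusting for another registrar's output; the fields themselves (name servers, contacts, phone numbers) are what matters, and they are also exactly the fields a defender can thin out by using role addresses and registrar privacy services.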

Page 14: Hacking Module 02

Nslookup

http://www.btinternet.com/~simon.m.parker/IP-utils/nslookup_download.htm

Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure, and it helps find additional IP addresses once the authoritative DNS servers are known from whois (query those servers directly so the answers do not come from a resolver's cache).

The MX record names the mail exchanger for the domain; resolving that name to its A record gives the IP of the mail server.

Both Unix and Windows come with an nslookup client. Third party clients are also available, e.g. Sam Spade.

Page 15: Hacking Module 02

Scenario (contd.)

Adam knows that targetcompany is based in NJ. However, he decides to check it out. He runs a whois from an online whois client and notes the domain information. He takes down the email IDs and phone numbers. He also discerns the domain server IPs and does an interactive Nslookup.

Ideally, what is the extent of information that should be revealed to Adam during this quest?

Are there any other means of gaining information? Can he use the information at hand in order to obtain critical information?

What are the implications for the target company? Can he cause harm to targetcompany.com at this stage?

Page 16: Hacking Module 02

Locate the Network Range

Commonly includes:

Finding the range of IP addresses

Discerning the subnet mask

Information Sources:

ARIN (American Registry of Internet Numbers)

Traceroute

Hacking Tool:

NeoTrace

Visual Route

Page 17: Hacking Module 02

Page 18: Hacking Module 02

Screenshot: ARIN Whois Output

ARIN allows searching its whois database to locate information on networks, autonomous system numbers (ASNs), network-related handles and other related points of contact (POCs). ARIN covers North America; for addresses registered elsewhere the same query goes to the responsible regional registry (RIPE NCC, APNIC, LACNIC or AfriNIC).
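The ARIN record is what turns the handful of IPs from the whois and DNS step into the network range the slide asks for. The following is an added example (not from the module or from ARIN's own tooling): it parses an ARIN-style "Key: value" record, derives the prefixes, subnet masks and address counts, and checks which of the previously discovered hosts fall inside the organisation's own allocation. The record is constructed; 198.51.100.0/24 and AS64496 are documentation values that belong to no real organisation, and the two /25s are there to show a record that lists more than one CIDR.

```python
import ipaddress
import re

# Constructed ARIN-style whois output for this example. The prefix is from the
# 198.51.100.0/24 documentation range and the ASN from the documentation ASN
# block; neither belongs to a real organisation.
SAMPLE_ARIN = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/25, 198.51.100.128/25
NetName:        TARGETCOMPANY-NET
NetHandle:      NET-198-51-100-0-1
NetType:        Direct Assignment
OriginAS:       AS64496
Organization:   targetcompany (TARGE-1)
OrgTechEmail:   noc@targetcompany.com
"""

FIELD = re.compile(r"^(?P<key>[A-Za-z]+):\s*(?P<value>.*\S)\s*$", re.M)


def parse_arin(text):
    """ARIN whois is one 'Key: value' pair per line."""
    return {m.group("key"): m.group("value") for m in FIELD.finditer(text)}


def locate_network_range(text):
    """Networks the record covers. Prefer the CIDR field (it may list several
    prefixes); otherwise summarise NetRange, which need not be CIDR-aligned."""
    fields = parse_arin(text)
    if "CIDR" in fields:
        return [ipaddress.ip_network(c.strip()) for c in fields["CIDR"].split(",")]
    first, last = (ipaddress.ip_address(p.strip()) for p in fields["NetRange"].split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def describe(nets):
    """(prefix, subnet mask, address count) per network: the two things the
    slide says this step must discern, plus the size of the scan that follows."""
    return [(str(n), str(n.netmask), n.num_addresses) for n in nets]


def classify_hosts(nets, ips):
    """Split addresses found earlier (name servers, MX, web hosts) into those
    inside the organisation's own allocation and those hosted elsewhere; the
    latter belong to a provider and are out of scope for a scan of the target."""
    inside, outside = [], []
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        (inside if any(addr in n for n in nets) else outside).append(ip)
    return inside, outside


if __name__ == "__main__":
    nets = locate_network_range(SAMPLE_ARIN)
    for prefix, mask, count in describe(nets):
        print(f"{prefix:20} mask {mask:16} {count} addresses")
    print(classify_hosts(nets, ["198.51.100.20", "192.0.2.10"]))
```

The inside/outside split is the check worth doing before anything active: the name servers from the whois record (192.0.2.x here) sit in the hosting provider's space, not the target's, so scanning them would hit a third party.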

Page 19: Hacking Module 02

Traceroute

Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.

Traceroute reveals the path IP packets travel between two systems by sending out consecutive probe packets with ever-increasing TTLs. Unix traceroute sends UDP datagrams to high, normally unused ports; Windows tracert sends ICMP Echo Requests instead.

As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, the router discards the packet and sends back an ICMP "Time Exceeded" message (type 11) to the originator. The trace ends when the destination host itself answers: with an ICMP "Port Unreachable" for a UDP probe, or an Echo Reply for an ICMP probe.

Routers with DNS (PTR) entries reveal the name of routers, network affiliation and geographic location. A router that filters ICMP shows up as a row of asterisks; the hop is still traversed, it just does not report.
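A real traceroute needs raw sockets, privileges and a live network, so the following added example (not code from the module, NeoTrace or VisualRoute) models the exchange instead: one probe per TTL walks a constructed path, each router decrements the TTL, the router where it reaches zero answers with Time Exceeded (or stays silent), and the destination answers with Port Unreachable. The path, the host names and the addresses (documentation ranges) are constructed; the "network boundary" helper shows the affiliation point the slide mentions, i.e. the first hop whose reverse-DNS name belongs to the target.

```python
from dataclasses import dataclass


@dataclass
class Node:
    name: str               # reverse-DNS (PTR) name, '' when the address has none
    ip: str
    responds: bool = True   # some routers silently drop expired packets / filter ICMP


# Constructed path from the probing host to www.targetcompany.com; addresses
# come from the documentation ranges and stand for nothing real.
PATH = [
    Node("gw.isp.example", "192.0.2.1"),
    Node("core1.isp.example", "192.0.2.9"),
    Node("", "203.0.113.5", responds=False),
    Node("border.targetcompany.com", "198.51.100.1"),
]
DESTINATION = Node("www.targetcompany.com", "198.51.100.20")


def forward(path, dest, ttl):
    """Carry one UDP probe with the given TTL along the path and return the
    ICMP message the originator gets back: ('time-exceeded', router) from the
    router where the TTL hits zero, ('port-unreachable', dest) when the probe
    reaches the destination's closed high port, or ('timeout', None)."""
    for router in path:
        ttl -= 1                        # each router decrements before forwarding
        if ttl == 0:                    # expired: discard and report (if it does)
            return ("time-exceeded", router) if router.responds else ("timeout", None)
    return ("port-unreachable", dest)   # the destination host answers for itself


def traceroute(path, dest, max_ttl=30):
    """Send probes with TTL 1, 2, 3 ... until the destination itself answers.
    Real traceroute sends three probes per TTL; one is enough to show the mechanism."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        kind, node = forward(path, dest, ttl)
        rows.append((ttl, kind, node))
        if kind == "port-unreachable":
            break
    return rows


def render(rows):
    """Format like the familiar traceroute listing; a silent hop shows as '*'."""
    out = []
    for ttl, kind, node in rows:
        if kind == "timeout":
            out.append(f"{ttl:2d}  *")
        else:
            label = node.name or node.ip
            out.append(f"{ttl:2d}  {label} ({node.ip})")
    return "\n".join(out)


def network_boundary(rows, domain):
    """Hop number of the first router whose PTR name is under the target's
    domain: where the packet leaves the ISP and enters the target's network."""
    for ttl, kind, node in rows:
        if node is not None and node.name.endswith("." + domain):
            return ttl
    return None


if __name__ == "__main__":
    rows = traceroute(PATH, DESTINATION)
    print(render(rows))
    print("target network starts at hop", network_boundary(rows, "targetcompany.com"))
```

The silent third hop is the case practitioners trip over: a missing reply does not mean a missing router, only one that does not send ICMP errors, so the hop count and the boundary hop are still valid.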

Page 20: Hacking Module 02

Tool: NeoTrace (Now McAfee Visual Trace)

NeoTrace shows the traceroute output visually: map view, node view and IP view.

Page 21: Hacking Module 02

Tool: VisualRoute Trace

 www.visualware.com/download/

It shows the connection path and the places where bottlenecks occur.

Page 22: Hacking Module 02

Tool: SmartWhois

http://www.softdepia.com/smartwhois_download_491.html

SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.

Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database (the regional registry responsible for the address) and delivering all the related records within a few seconds.

Page 23: Hacking Module 02

Scenario (contd.)

Adam makes a few searches and gets some internal contact information. He calls the receptionist and informs her that HR had asked him to get in touch with a specific person in the IT division. It's lunch hour, and he says he'd rather e-mail the person concerned than disturb him. He checks up the mail id on newsgroups and stumbles on an IP recording. He traces the IP destination.

What preventive measures can you suggest to check the availability of sensitive information?

What are the implications for the target company? Can he cause harm to target company at this stage?

What do you think he can do with the information he has obtained?

Page 24: Hacking Module 02

Tool: VisualLookout

http://www.visualware.com/

VisualLookout provides high level views as well as detailed and historical views that provide traffic information in real-time or on a historical basis.

In addition the user can request a "connections" window for any server, which provides a real-time view of all the active network connections showing

who is connected,

what service is being used,

whether the connection is inbound or outbound, and

how many connections are active and how long they have been connected.

Page 25: Hacking Module 02

Screenshot: VisualRoute Mail Tracker

It shows the number of hops made and the respective IP addresses, node names, locations, time zones, networks, etc.

Page 26: Hacking Module 02

Tool: eMailTrackerPro

eMailTrackerPro is an e-mail analysis tool that analyses an e-mail and its headers automatically, providing graphical results.
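What the mail trackers on the last two slides do by hand is read the Received headers. The following added example (not the module's material and not code from eMailTrackerPro or VisualRoute) does the same on a constructed message: each MTA prepends its own Received line, so reading them bottom-up gives the delivery path, the bracketed address in each line is the one the receiving MTA saw on the connection, and any RFC 1918 address in that chain is an internal relay the organisation has leaked to the outside. Every host, address and person in the sample is a placeholder.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed message for this example. Public addresses are from the
# documentation ranges, the internal relay is in RFC 1918 space, and every
# host name and person is a placeholder.
SAMPLE_MAIL = """\
Received: from mx1.targetcompany.com (mx1.targetcompany.com [198.51.100.25])
        by mail.example.net with ESMTP id 4XK2Qz1b
        for <analyst@example.net>; Tue, 29 May 2018 10:15:02 +0000
Received: from webmail.targetcompany.com (unknown [10.1.2.3])
        by mx1.targetcompany.com with ESMTP id 2Fq9Lm7c;
        Tue, 29 May 2018 10:14:58 +0000
Received: from [203.0.113.77] (client.isp.example [203.0.113.77])
        by webmail.targetcompany.com with HTTP;
        Tue, 29 May 2018 10:14:50 +0000
From: Name Surname <name.surname@targetcompany.com>
To: analyst@example.net
Subject: Re: network engineer position
Message-ID: <20180529101450.1234@webmail.targetcompany.com>

Thanks for your interest.
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_received(value):
    """One Received header -> {helo, ip, by, when}. The bracketed address was
    written by the receiving MTA from the TCP connection and is trustworthy for
    that hop; the HELO name before it is whatever the client claimed."""
    flat = " ".join(value.split())                  # unfold continuation lines
    m = RECEIVED.search(flat)
    if not m:
        return None
    src = IPV4.search(m.group("paren") or m.group("helo"))
    when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip()) if ";" in flat else None
    return {"helo": m.group("helo"), "ip": src.group(0) if src else None,
            "by": m.group("by"), "when": when}


def trace_mail(raw):
    """Each MTA prepends its own Received header, so the topmost is the final
    hop; reverse them to read the path in delivery order (origin first)."""
    msg = email.message_from_string(raw)
    hops = [h for h in (parse_received(v) for v in msg.get_all("Received", [])) if h]
    return list(reversed(hops))


def internal_addresses(hops):
    """RFC 1918 addresses leaked by internal relays: exactly the internal
    topology a footprinting exercise is after, and what a boundary MTA should
    have stripped or rewritten before the message left the organisation."""
    return [h["ip"] for h in hops
            if h["ip"] and any(ipaddress.ip_address(h["ip"]) in n for n in RFC1918)]


if __name__ == "__main__":
    hops = trace_mail(SAMPLE_MAIL)
    for i, hop in enumerate(hops, 1):
        print(f"hop {i}: {hop['ip']} ({hop['helo']}) -> {hop['by']} at {hop['when']}")
    print("internal addresses exposed:", internal_addresses(hops))
```

Only the headers added by MTAs you trust are reliable; anything below the first hop you control can be forged by the sender, which is why the timestamps are checked for monotonic order as a sanity test. The countermeasure on the receiving side of this module's scenario is an outbound MTA that drops internal Received lines and host names before a message leaves the organisation.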

Page 27: Hacking Module 02

Tool: Mail Tracking (mailtracking.com)

Mail Tracking is a tracking service that allows the user to track when his mail was read, how long the message was open and how often it was read. It also records forwards and passing of sensitive information (MS Office format).

Page 28: Hacking Module 02

Summary

The information gathering phase can be categorized broadly into seven steps.

Footprinting renders a unique security profile of a target system.

Whois and ARIN can reveal public information about a domain and its address allocation that can be leveraged further.

Traceroute and mail tracking can be used to identify specific IPs (routers, mail relays, internal hosts) that later become targets, including for IP spoofing.

Nslookup can reveal specific hosts and mail servers, and an unrestricted zone transfer (AXFR) hands an attacker the entire zone at once; restrict zone transfers to the secondary name servers and keep internal names out of the public zone.