
Ways to Check the Vulnerability of a Company: The Footprinting Technique

WHAT IS FOOTPRINTING?

The dictionary defines footprinting as the process of gathering information about a specific computer system or network environment and the company it belongs to. This is the preparatory phase for the hacker, where he gathers as much information as he can so as to find ways to intrude into the target. Footprinting can reveal the vulnerabilities of the target system and improve the ways in which they can be exploited.

Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting is to learn as much as you can about a system: its remote access capabilities, its ports and services, and the aspects of its security. In order to perform a successful hack on a system, it is best to know as much as you can about it. While there are many companies in the world that aren't aware of hackers, most companies are now hiring hackers to protect their systems. And since footprinting can be used to attack a system, it can also be used to protect it. If you can find anything out about a system, the company that owns that system, with the right personnel, can find out anything they want about you.


Open source footprinting is the easiest and safest way to go about finding information about a company. It covers information that is available to the public, such as phone numbers, addresses, etc. Performing whois requests and searching through DNS tables are other forms of open source footprinting. Most of this information is fairly easy to get, and within legal limits. One easy way to check for sensitive information is to view the HTML source code (Ctrl+U) of the website and look for links, comments, meta tags, etc.
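A site owner can run the same source-code check against their own pages before publishing. The following Python sketch is an added example, not part of the original post: it lists the comments, meta tags and links visible in the page source and flags the ones worth removing. The sample HTML and the keyword list are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample page (not a real site).
SAMPLE = """<html><head>
<meta name="generator" content="ExampleCMS 1.2">
<!-- TODO: remove link to internal staging before launch -->
</head><body>
<a href="mailto:admin@example.com">Contact</a>
<a href="/about.html">About</a>
<!-- -->
</body></html>"""

KEYWORDS = ("todo", "password", "debug", "internal")  # assumed watch list

class SourceAudit(HTMLParser):
    """Collect what a visitor sees with Ctrl+U: comments, meta tags, links."""
    def __init__(self):
        super().__init__()
        self.comments, self.meta, self.links = [], {}, []

    def handle_comment(self, data):
        if data.strip():                      # ignore empty comments
            self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]
        url = a.get("href") or a.get("src") or a.get("action")
        if url:
            self.links.append(url)

def audit(html):
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return parser

def findings(report):
    """Items a site owner may want to remove before publishing."""
    out = []
    if "generator" in report.meta:            # discloses software and version
        out.append("meta generator: " + report.meta["generator"])
    for c in report.comments:
        if any(k in c.lower() for k in KEYWORDS):
            out.append("comment: " + c)
    for u in report.links:
        if u.lower().startswith("mailto:"):
            out.append("email: " + u[len("mailto:"):])
    return out
```
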

Do you know?

Footprinting has to be done in a slow and methodical manner, where the hacker spends 90% of his time in blueprinting the security profile of the target and only 10% in launching the attack.

Below I will give you examples of the steps and services a hacker would use to get information from a website. Now buckle up and get ready to hack.

INFORMATION GATHERING TECHNIQUE:

Suppose a hacker decides to break into a target company. He can only do so after blueprinting the target and assessing the possible vulnerabilities. Based on this information, the hacker can carry out possible attacks such as breaking into the company’s database, hacking its website or causing denial of service. The following are some of the different types of information that a hacker could gather before actually carrying out the attack:

  • Obtaining Archive of the Target Website

Getting access to the archive of the target website will let you know how the website looked at the time of its launch and how it advanced and changed over time. You will also see all the updates made to the website, including the nature of the updates and their dates. You can use the WayBackMachine tool to access this information.

-WayBackMachine:  http://archive.org/web/

Just use the above link to visit the WayBackMachine website and type in the URL of the target website. You should get a list of archives of the website listed on a month-by-month and yearly basis, as shown in the snapshot below:

  • Obtaining the Domain Name Information

Various background information about the target website (domain name), such as the name of its owner and registrar, date of its registration, expiry date, name servers associated, and contact details associated with it such as email, phone and address, can be found out by performing a Whois lookup. The following are some of the popular websites where you can perform Whois lookup on any domain to uncover its background information:

When a sample Whois lookup is performed on “facebook.com” at http://www.whois.com/whois/ it shows the following result.

  • Finding IP Address and Hosting Provider

Information such as the IP address of the website and its hosting provider can be very crucial. This can be easily found out using the following website:

-WhoIsHostingThis:  http://www.whoishostingthis.com/

Just visit the above website and enter the domain name of your choice to obtain its IP address as well as the name of its hosting provider, as shown below.

As you can see from the snapshot given below, a query on “facebook.com” reveals its IP address, hosting provider and also the name servers associated with it.

-Finding IP Address Location

Finding out the physical location of the IP address is very simple. Just visit the following website and enter the target IP address to reveal its physical location:

-IP2Location:  http://www.ip2location.com/demo

A snapshot of a sample query for the IP address 104.28.24.66 on the ip2location.com website is shown below:

-Finding IP Address Range

While small websites may have a single IP address, big players such as Google, Facebook and Microsoft have a range of IP addresses allocated to their company for hosting additional websites and servers. This range information can be obtained from the official website of the American Registry for Internet Numbers (ARIN). The URL for the ARIN website is listed below:

-ARIN Website:  https://www.arin.net/

Visit the above URL and insert the IP address of any given website in the “Search Whois” box found at the top right corner of the web page. Here is a snapshot showing the results of a sample query performed on Facebook’s IP address 173.252.120.6.

-Traceroute

Traceroute is a network diagnostic tool to identify the actual path (route) that the information (packets) takes to travel from source to destination. The source will be your own computer called localhost. The destination can be any host or server on the local network or Internet.

The traceroute tool is available on both Windows and Linux. The command syntax for Windows is as follows:

tracert target-domain-or-IP

The command syntax for Linux is as follows:

traceroute target-domain-or-IP

Usually, the transfer of information from one computer to another will not happen in a single jump. It involves a chain of several computers and network devices called hops to transmit information from source to destination. Traceroute identifies each hop on that list and the amount of time it takes to travel from one hop to another. A snapshot of the traceroute performed on “google.com” using a Windows computer is shown below:

As shown in the above snapshot, the traceroute tool identifies all the hops present in the path traversed by packets from source to destination. Here 192.168.0.1 is the private IP and 117.192.208.1 is the public IP of the source (my computer). 74.125.236.66 is the destination IP address (Google’s server). All the remaining IP addresses shown in between the source and the destination belong to computers that assist in carrying the information.

SOME OTHER HANDY TECHNIQUES USED IN FOOTPRINTING:

-Ping Sweep:

Ping a range of IP addresses to find out which machines are awake. How to ping from a machine (PC or laptop):
Go to the command prompt, or simply press Windows key+R, and type ping followed by the address.
E.g.: ping 192.168.70.14 or ping www.csice.org

-DNS Enumeration:

Using Sam Spade we can do DNS lookups in Windows, or in cmd type: nslookup servername. If you want to know how DNS enumeration is done in Linux, please e-mail me at aarav@blacklisthackers.com

-TCP Scans:

Scan ports on machines to see which services are offered. TCP scans can be performed by scanning a single port on a range of IPs, or by scanning a range of ports on a single IP. Both techniques yield helpful information.
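From the defender's side, these two scan patterns look different in connection logs. The following Python sketch is an added example, not part of the original post: it labels a source as a horizontal scanner (one port across many hosts) or a vertical scanner (many ports on one host). The "src dst port" record format, the sample records and the threshold of 4 are assumptions.

```python
from collections import defaultdict

# Constructed sample records: "src dst dport", one per new TCP connection
# attempt seen at the firewall. Addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 192.0.2.10 22
203.0.113.5 192.0.2.11 22
203.0.113.5 192.0.2.12 22
203.0.113.5 192.0.2.13 22
198.51.100.7 192.0.2.10 21
198.51.100.7 192.0.2.10 22
198.51.100.7 192.0.2.10 23
198.51.100.7 192.0.2.10 80
198.51.100.9 192.0.2.10 443
198.51.100.9 192.0.2.10 443
"""

def classify_scans(log_text, threshold=4):
    """Return {src: [labels]} for sources whose fan-out reaches threshold."""
    hosts_per_port = defaultdict(set)   # (src, dport) -> distinct dst hosts
    ports_per_host = defaultdict(set)   # (src, dst)   -> distinct dst ports
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue                    # skip malformed records
        src, dst, dport = parts[0], parts[1], int(parts[2])
        hosts_per_port[(src, dport)].add(dst)
        ports_per_host[(src, dst)].add(dport)

    labels = defaultdict(set)
    for (src, _port), hosts in hosts_per_port.items():
        if len(hosts) >= threshold:     # same port tried on many hosts
            labels[src].add("horizontal")
    for (src, _dst), ports in ports_per_host.items():
        if len(ports) >= threshold:     # many ports tried on one host
            labels[src].add("vertical")
    return {src: sorted(kinds) for src, kinds in labels.items()}
```

A real deployment would also bound the counts to a time window, since a slow scan spreads the same fan-out over hours.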

-To get information about a person in that company:

Use social networking sites like www.facebook.com, www.myspace.com, Twitter, etc.
Use websites like www.blackbookonline.info, www.peoplesearch.com/, etc.
These tricks will help to get the bank details, credit card details, mobile numbers, past history, etc.

-To study the company’s location and infrastructure from a remote place:

Use Google Earth; download it from: www.google.com/earth/index.html

-To know which servers you are connected to right now:
Use the tool: callerip

-To trace an E-MAIL :

eMailTrackerPro: It analyzes the e-mail header and provides the IP address of the machine that sent the e-mail. This can then be used to track down the sender. This is especially helpful in preventing spamming and spoofing.
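The header analysis described above can also be done by hand. The following Python sketch is an added example, not part of the original post and not eMailTrackerPro's code: it reads the Received headers from the oldest hop upward and reports the first address that is not loopback or RFC 1918 private. The sample message is constructed and uses documentation addresses.

```python
import email
import ipaddress
import re

# Constructed sample message; newest Received header is at the top.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.20])
\tby inbox.example.org with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from laptop (unknown [203.0.113.44])
\tby mx.example.net with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000
Received: from localhost (localhost [127.0.0.1])
\tby laptop with SMTP; Tue, 02 Jan 2024 10:00:00 +0000
From: sender@example.net
To: you@example.org
Subject: test

body
"""

# Loopback and RFC 1918 ranges say nothing about where a message came from.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw_message):
    """IP addresses recorded in Received headers, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        for text in IP_IN_BRACKETS.findall(header):
            try:
                hops.append(ipaddress.ip_address(text))
            except ValueError:
                pass                     # e.g. [999.1.1.1] is not an address
    return hops

def likely_origin(raw_message):
    """First non-internal address seen, or None if there is none."""
    for ip in received_hops(raw_message):
        if not any(ip in net for net in INTERNAL):
            return str(ip)
    return None
```

Received headers added before the first mail server you control can be forged by the sender, so the result is a lead to verify, not proof of origin.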

Conclusion

So now you will be aware of several techniques used to perform footprinting to gather a whole lot of information about the target. Once you are done with organizing the data that you have obtained through the footprinting process, you can sit back and analyze it to find out possible vulnerabilities in any of the technologies used in the website. For this you can use a notepad or a text editor to write down the whole lot of information about a target.

Many network administrators often fail to update vulnerable software and scripts running on their server to the latest version. This can open an opportunity for the hacker to exploit and gain access to the system. Therefore, it is important to identify and patch the existing vulnerabilities on a regular basis and also limit the amount of sensitive information leaked to the Internet.

 

The author: Harinder
blacklisthackers.com is created and owned by Harinder (Aarav). Aarav is a technology blogger from India (Dehradun). He’s a quiet, creative guy who enjoys creating and exploring new trends on the web. He is currently pursuing a B.Tech from DIT University.
