Footprinting and Reconnaissance

We all use social media sites like Facebook, Instagram, etc. Whenever we see a friend request from an unknown person, we visit his/her profile and check their information, whether we know someone from their friends/followers list, whether they studied in the same school or college, etc. We may also check their photos and videos. This is known as Information Gathering.

In the same way, imagine that you are a penetration tester and you have to test a system. The first step that you will perform is Information Gathering. We refer to the system as the target. Let us learn in detail about the techniques used in the Information Gathering Phase.

What is Reconnaissance?

Reconnaissance is a set of techniques, such as Footprinting, Scanning, and Enumeration, which are used to discover and gather information about the target. Gathering information about the target makes it easier for the attacker to penetrate the target.

Steps to Perform Reconnaissance

As a penetration tester, you will perform the following steps in the Reconnaissance phase:

  1. Use search engines to search for the target organization’s name, its computer and network system names, and its IP addresses. Gather as much information as you can about your target.
  2. Narrow your scope based on the specific systems that you test.
  3. Perform detailed scans and tests to uncover all vulnerabilities in your target.
  4. Try to exploit vulnerabilities and perform attacks to get access to the system.

What is Footprinting?

Footprinting is a part of the Reconnaissance phase, in which the attacker uses various methods to gather information about the target and the entities associated with it. This information can be gathered through publicly available sources or by using various tools.

It is the first step in Ethical Hacking. It helps to analyze the security posture of the target organization’s network. Penetration testers perform Footprinting from a Black Hat hacker’s perspective so that they can find out how an attacker could penetrate the system.

It is crucial to gather all the important information about the target before penetration testing. This must be done in an organized manner so that we do not miss out on any crucial information about the target. The information gathered in this phase will help to uncover vulnerabilities. Attackers use this information to exploit these vulnerabilities and to gain unauthorized access to the system.

Types of Footprinting

Information can be gathered in a number of ways: through online sources or through the target itself. Based on this, there are two types:

  1. Passive: In Passive Footprinting, the attacker gathers information about the target without directly interacting with the target. It is mainly useful when gathering information that should not be detected by the target.

The attacker gathers publicly accessible information available online by using search engines, checking social media sites, dumpster diving, performing DNS lookups, mapping networks, etc. The target organization’s website can be a huge source of information, including information about its customers, employees, history, etc.

  2. Active: In Active Footprinting, the attacker gathers information about the target and its environment by directly interacting with the target. The target may detect the ongoing information gathering, since we directly interact with it.

The methods of active footprinting include human interaction, searching for digital files, email tracking, social engineering, performing WHOIS lookups, traceroutes, etc.

Objectives:

The major objectives of Footprinting are:

  1. To find out the security posture of the target organization.
  2. To minimize the focus area of the target.
  3. To identify potential vulnerabilities in the target system.
  4. To draw an outline of the target organization’s network infrastructure.

How to Gather Information?

The common types of services that aid in information gathering are:

1. WHOIS Information:

When someone buys a domain, the database stores all the registration details. WHOIS is a protocol that queries and receives responses from the database that stores the registration information of a domain or an IP address. The information contains the name of the organization, the name of the domain owner, and the name of the developer. The information displayed includes full name, contact number, address, and email address.

To perform a WHOIS lookup, open https://www.whois.com/whois/ and type the domain name that you want to look up. You will get all the information mentioned above. This can be scrutinized to find all crucial information about the domain.
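As an added example that is not part of the original article, here is a small Python check an organization can run over the text of its own WHOIS record to see which of the registrant contact fields listed above are still exposed rather than redacted. Both records are constructed samples, and the redaction phrases matched are an assumption about typical registrar wording.

```python
import re

# Constructed sample WHOIS records (not real registrations).
EXPOSED_RECORD = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:00:00Z
Registrant Name: Jane Doe
Registrant Organization: Example Corp
Registrant Street: 12 Sample Lane
Registrant Phone: +1.5550100
Registrant Email: jane.doe@example-corp.test
"""

PROTECTED_RECORD = """\
Domain Name: EXAMPLE-CORP.TEST
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Corp
Registrant Street: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar
"""

# The contact fields the article says a WHOIS lookup reveals.
CONTACT_FIELDS = ("Registrant Name", "Registrant Street",
                  "Registrant Phone", "Registrant Email")
# Assumed wording registrars use when a field is hidden.
REDACTION_MARKERS = re.compile(r"redacted|privacy|proxy|rdds", re.IGNORECASE)

def parse_whois(text):
    """Turn 'Key: Value' lines into a dict with lower-cased keys."""
    record = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            record[key.strip().lower()] = value.strip()
    return record

def exposed_contact_fields(text):
    """Return the contact fields that still carry real registrant data."""
    record = parse_whois(text)
    return [f for f in CONTACT_FIELDS
            if record.get(f.lower()) and not REDACTION_MARKERS.search(record[f.lower()])]

if __name__ == "__main__":
    print("exposed:", exposed_contact_fields(EXPOSED_RECORD))    # all four fields
    print("exposed:", exposed_contact_fields(PROTECTED_RECORD))  # []
```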

2. Reverse IP Lookup:

When multiple websites are hosted on the same server, it is referred to as shared hosting. A reverse IP lookup takes an IP address and gives a list of all the domains running on the same server.

To do a reverse IP lookup, open https://mxtoolbox.com/reverselookup.aspx and enter the IP address of your target web application. You will get all the domains that are hosted on the same server. This information can be used for your benefit.

3. Gathering Information about Websites: 

Information that a security expert gathers about a website includes:

  1. Related domains and subdomains
  2. Technology and programming languages being used
  3. Cached pages
  4. Website history
  5. Publicly indexed files on search engines
  6. Default pages and login forms
  7. Related IP addresses
  8. Other services running on those IP addresses
  9. Version of the services/software being used
  10. Publicly disclosed vulnerabilities in the software being used
  11. Default users
  12. Default passwords
  13. Valid email address and usernames
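
As an added example that is not part of the original article, here is a Python detector a web server operator can run over access logs to spot the active side of this gathering from the server's point of view: one client requesting several default pages and login forms and collecting a run of not-found responses. The log lines, the path list and the threshold are constructed assumptions for this snippet.

```python
import re
from collections import defaultdict

# Constructed access-log lines in combined format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /wp-login.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:42 +0000] "GET /.git/config HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:43 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /login HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Default pages and files that legitimate users of this site do not request (assumed list).
DEFAULT_PATHS = {"/admin", "/wp-login.php", "/.git/config", "/backup.zip"}
NOT_FOUND_THRESHOLD = 3  # 404s from one client before we treat it as probing

def parse_line(line):
    """Return the fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def detect_footprinting(log_text, threshold=NOT_FOUND_THRESHOLD):
    """Group requests by client IP and flag clients whose pattern looks like probing."""
    not_found = defaultdict(int)  # ip -> number of 404 responses
    probes = defaultdict(set)     # ip -> distinct default paths requested
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["status"] == "404":
            not_found[entry["ip"]] += 1
        if entry["path"] in DEFAULT_PATHS:
            probes[entry["ip"]].add(entry["path"])
    flagged = {}
    for ip in set(not_found) | set(probes):
        reasons = []
        if not_found[ip] >= threshold:
            reasons.append(f"{not_found[ip]} not-found responses")
        if len(probes[ip]) >= 2:
            reasons.append(f"requested {len(probes[ip])} default pages")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, why in detect_footprinting(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(why))
```

A client that trips either rule is worth correlating with the WHOIS and DNS lookups the rest of this section describes, since those usually come first.
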

4. Gathering Targeted Information about People

1. We can gather information about a person’s name through:

  1. Social media platforms
  2. Professional platforms

2. We can find out the name behind an email address through:

  1. Forgot password
  2. Services linked to that email
  3. Google search

3. We can find out the name behind a phone number through:

  1. Login and forgot password pages
  2. Google search

5. Gathering targeted information about organizations

1. We can find information about organizations through:

  1. Social media platforms
  2. Company review services
  3. Organization financial analysis services

6. Gathering information about websites and web servers

1. Getting an idea about the technology being used by websites and web servers: https://www.builtwith.com

  • Frameworks: To see the programming languages used
  • Hosting providers: To see where the website is hosted
  • Webserver: To see the server software being used

2. Going through the history of a website: To see how the website looked in the past, and the features, additions, and deletions that have been made over time – web.archive.org

  • Go to the year you want to see
  • Check out screenshots taken on any day, and also see the website as it was on that day

3. Finding out sub-domains related to a domain: www.dnsdumpster.com

See a list of all the sub-domains of any given domain.

Footprinting Threats

Attackers perform Footprinting as the first step in hacking. Through this, they gather crucial information about the target which will help them in the hacking process. 

The following threats are made possible through it:

  1. Social Engineering: Hackers persuade people to give away important information. Social engineering techniques are mostly directed at employees of the target organization, who end up giving information unaware of the hacker’s intent.
  2. System and Network Attacks: Hackers gather information to perform system and network attacks. They penetrate the networks of the target organization and may take control of the entire system.
  3. Information Leakage: Information leakage may pose a huge threat to an organization because it will be an added advantage to any attacker who is actively looking for sensitive information.
  4. Privacy Loss: Hackers may use the information gathered through Footprinting to penetrate networks and may even escalate privileges to admin or change passwords, locking the admin out of the system. This means loss of privacy for the organization.
  5. Business Loss: Hackers pose a serious threat to online businesses and other e-commerce websites. Online banking and finance sectors are also affected, causing a monetary loss of billions of dollars.

Written by: Shruti Iyer

Reviewed By: Sayan Chatterjee
