WHAT IS FOOTPRINTING?
Footprinting refers to the process of gathering information about a specific computer system or a network environment and the company it belongs to. This is the preparatory phase for the hacker where he gathers as much information as he can so as to find ways to intrude into the target. Footprinting can reveal the vulnerabilities of the target system and improve the ways in which they can be exploited. Footprinting has to be done in a slow and methodological manner where the hacker spends 90% of his time in blueprinting the security profile of the target and only 10% in launching the attack. Footprinting can actually help hacker decide on the type of attack that is most suitable for the target.
INFORMATION GATHERING METHODOLOGY
Suppose if a hacker decides to break into a target-company, he can only do so after blueprinting the target and assessing the possible vulnerabilities. Based on this information, the hacker can carry out possible attacks such as breaking into the company’s database, hacking its website or causing denial of service. The following are some of the different types of information that a hacker could gather before actually carrying out the attack:
Obtaining the Domain Name Information
Various background information about the target website (domain name) such as the name of its owner and registrar, date of its registration, expiry date, name servers associated, contact details associated with it such as email, phone and address can be found out by performing a Whois lookup. The following are some of the popular websites where you can perform Whois lookup on any domain to uncover its background information: http://www.whois.com/whois/
https://who.is/
http://whois.domaintools.com/
A sample Whois Lookup performed on “facebook.com” at http://www.whois.com/whois/ shows the following information:
Figure 5. 1 Finding IP Address and Hosting Provider Information such as the IP address of the website and its hosting provider can be very
crucial. This can be easily found out using the following website: WhoIsHostingThis: http://www.whoishostingthis.com/
Finding IP Address Location
Finding out the physical location of the IP address is very simple. Just visit the following website and enter the target IP address to reveal its physical location: IP2Location: http://www.ip2location.com/demo A snapshot of sample query for the IP address 173.252.120.6 on ip2location.com.
Finding IP Address Range
While small websites may have a single IP address, big players such as Google, Facebook and Microsoft have a range of IP addresses allocated to their company for hosting additional websites and servers. This range of information can be obtained from the official website of American Registry for Internet Numbers (ARIN). The URL for the ARIN website is listed below: ARIN Website: https://www.arin.net/
Traceroute
Traceroute is a network diagnostic tool to identify the actual path (route) that the information (packets) takes to travel from source to destination. The source will be your own computer called localhost. The destination can be any host or server on the local network or Internet. The traceroute tool is available on both Windows and Linux. The command syntax for Windows is as follows: tracert target-domain-or-IP
The command syntax for Linux is as follows: traceroute target-domain-or-IP
Usually, the transfer of information from one computer to another will not happen in a single jump. It involves a chain of several computers and network devices called hops to transmit information from source to destination. Traceroute identifies each hop on that list and the amount of time it takes to travel from one hop to another. A snapshot of the traceroute performed on “google.com” using a Windows computer.
As shown in the above snapshot, the traceroute tool identifies all the hops present in the path traversed by packets from source to destination. Here 192.168.0.1 is the private IP and 117.192.208.1 is the public IP of the source (my computer). 74.125.236.66 is the destination IP address (Google’s server). All the remaining IP addresses shown in between the source and the destination belong to computers that assist in carrying the information.
Obtaining Archive of the Target Website
Getting access to the archive of the target website will let you know how the website was during the time of its launch and how it got advanced and changed over time. You will also see all the updates made to the website, including the nature of updates and their dates. You can use the WayBackMachine tool to access the this information. WayBackMachine: http://archive.org/web/
Just use the above link to visit the WayBackMachine website and type in the URL of the target website. You should get a list of archives of the website listed in a month by month and yearly.
COUNTERMEASURES
I hope you are now aware of several ways using which you can successfully perform footprinting to gather a whole lot of information about the target. Once you are done with organizing the data that you have obtained through the footprinting process, you can sit back and analyze them to find out possible vulnerabilities in any of the technologies used in the website. Many network administrators often fail to update vulnerable software and scripts running on their server to the latest version. This can open an opportunity for the hacker to exploit and gain access to the system. Therefore, it is important to identify and patch the existing vulnerabilities on a regular basis and also limit the amount of sensitive information leaked to the Internet.
0 Comments