Information Security: Footprinting

Before launching any attacks or using advanced tools, a thorough information gathering exercise must be performed. This might be the most important exercise in the whole hacking process and is certainly the longest one, taking weeks or months to complete.

Before getting any further let’s just clear up that by footprinting we mean learning as much as possible about the target, including remote access capabilities, open ports and services and what security mechanisms are in place.

Now, sit tight and let’s dive into the process, starting with the famous W’s.

Eva’s little lesson learned 1: Who/What is the target? Is it a company? A local business? A bank? Your neighbor? (don’t try that) What type of information do we want to obtain? Social media accounts? Medical records? Phone number? Financial data? Where is the target? Start with the IP address and the IP address range, domain name information including physical addresses and DNS records. Make a map on all the things you need and you can put more information in that as we go through this process.

This part is crucial because if this part of the process is well performed, it will determine when and how the attack should be launched.

Eva’s little lesson learned 2: Tools. These are only powerful if you know how to use them. Right now there are a lot of tools for information gathering and analysis. Some of those that I use most often are mentioned below:

  1. Nmap. This is a powerful open source network tool for network discovery and security auditing. It can also be useful for tasks such as network inventory, managing service upgrade schedules or monitoring hosts. The following link is a quick reference guide on how to use this tool: nmap-cheat-sheet-and-pro-tips. One of the interesting parts of this tool is that it allows scanning for network vulnerabilities. This can be done using the NSE scripts. Currently there are around 581 NSE scripts and to get an easy list of installed scripts, the command locate nse | grep script can be used.
  2. Nikto2. This tool is an evolution of the original nikto scanner that is a website vulnerability scanner which checks for over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. On the following link can be found a quick reference on how to use this tool: nikto-cheat-sheet-and-pro-tips
  3. NetCat. It’s a utility capable of establishing a TCP or UDP connection between two computers, meaning it can write and read through an open port. With the help of the program, files can be transferred and commands can be executed in some instances. Here is a quick reference on how to use it: netcat-cheat-sheet-and-pro-tips . Some of the tasks that this tool can perform include port scanning, banner grabbing and opening remote shells, setting up a honey pot.
  4. Metagoofil. This is another strong information gathering tool, a metadata harvester that takes metadata from the target and the puts it in form of a web page. This tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names. Below is one example on how this tool can be used:
An example on how to perform an online search using metagoofil

Eva’s little lesson learned 3: The Internet. Of course when trying to “get to know someone or something”, a good place to look for information is the World Wide Web.

  1. One very useful tool is Google Hacking Database (GHDB), which is a compendium of Google hacking search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications. This database contains user-submitted queries divided into different categories — such as vulnerable files, files containing passwords, information about the server and the software on it, finding online devices and so on
  2. Shodan. Another useful tool. This is sentient hyper optimized data access tool, that allows you to see what devices are connected to the internet, who is using them and where they are.

There are a lot more tools that you can use and find out there, however the important part here is to have an idea of what you are expecting to find and that will make the part of choosing the tools and using their features so much easier.

Just don’t forget, to be able to find anything you first have to overcome the fear and dive in. Happy Diving!

soc analyst serving tech bites as articles.