Thursday 15 September 2011

Footprinting tutorial - Information gathering of the Target


This tutorial is for those who are appearing for the CEH exam. They can use it as study material for their exam.
Footprinting is the first phase of hacking. It involves gathering information about the victim, which may be a computer system, a network or a website. This phase is very important because, to hack a computer system, a hacker needs to know a great deal about the target. The data gathered in this phase is used to hack the victim or system. Footprinting can reveal system vulnerabilities and identify the ease with which they can be exploited.
Generally, a hacker spends 90 percent of the time profiling and gathering information on a target and 10 percent of the time launching the attack.

Suppose a hacker wants to intrude into the network of a company. He uses the company's website to get the list of employees, and then uses Facebook or Google to get their email addresses, phone numbers and other data. An email address can then be used in a phishing attack to get the password of the email account, which will surely have the account details of the company network account. This is a simple example of an attack; how the information is used depends on the hacker.
Google is the hacker's friend for footprinting, because it helps to find information about any individual, any website or any company network. Google hacking tricks are the best way to explore more data from Google. See my older post on Google hacking and the operators used in Google hacking.

Some of the common sources used for information gathering include the following:
  • Domain name lookup
  • Whois
  • Nslookup
  • Sam Spade

These are not the only tools used for footprinting; the choice may change according to the victim. A hacker wants to get all the information needed to hack the victim, so he should decide what will yield effective information about the target.
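
Seen from the defender's side, the Whois source listed above can be audited for the employee contact details that the phishing example relies on. The following Python sketch is an added example, not part of the original post; the WHOIS text, the field names it matches and the list of role mailboxes are constructed assumptions.

```python
import re

# Constructed WHOIS response for a placeholder domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Organization: Example Corp
Registrant Email: jane.doe@example.com
Registrant Phone: +1.5555550100
Admin Name: REDACTED FOR PRIVACY
Admin Email: hostmaster@example.com
Tech Email: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.COM
"""

# Contact fields that can identify a person (assumed 'Role Attribute' naming).
CONTACT_FIELD = re.compile(r"^(Registrant|Admin|Tech|Billing) (Name|Email|Phone)$", re.I)
REDACTED = re.compile(r"redacted|privacy|not disclosed", re.I)
# Role mailboxes are assumed acceptable to publish; adjust to local policy.
ROLE_LOCALPARTS = {"hostmaster", "abuse", "noc", "domains", "dnsadmin", "postmaster"}


def parse_whois(text):
    """Return (field, value) pairs from 'Key: Value' WHOIS lines."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            pairs.append((key.strip(), value.strip()))
    return pairs


def exposed_contacts(text):
    """List contact fields that publish a person's name, email or phone."""
    findings = []
    for field, value in parse_whois(text):
        if not CONTACT_FIELD.match(field) or REDACTED.search(value):
            continue  # not a contact field, or already privacy-protected
        if field.lower().endswith("email"):
            if value.split("@")[0].lower() in ROLE_LOCALPARTS:
                continue  # shared role mailbox, not an individual
        findings.append((field, value))
    return findings


if __name__ == "__main__":
    for field, value in exposed_contacts(SAMPLE_WHOIS):
        print(f"exposed: {field} = {value}")
```

Each finding is a candidate for registrar privacy protection or replacement with a shared role mailbox.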

Steps of information gathering or Footprinting
  • Unearth Initial Information
  • Locate the Network Range
  • Ascertain Active Machines
  • Discover Open Ports/Access Points
  • Detect Operating Systems
  • Uncover Services on Ports
  • Map the Network
