Ethical Hacking Phase I Reconnaissance Module Objectives Overview of the Reconnaissance Phase Introducing Footprinting Understandingthe information gathering methodology of hackers Comprehending the Implications Learning someof the tools used for reconnaissance phase Deploying countermeasures Revisiting Reconnaissance Reconnaissance refers to the preparatory phase where an attacker seeks Reconnaissance Clearing to gather as much Tracks information as possible about a target of evaluation prior to launching an attack. Maintaining Scanning Access Gaining Access Defining Footprinting Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner. Footprinting is one of the two pre-attack phases. The other is enumeration. Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved. Information Gathering Methodology Unearth initial information Locate the network range Ascertain active machines Discover open ports / access points Detect operating systems Uncover services on ports Map the Network Unearthing Initial Information Commonly includes: • Domain name lookup • Locations • Contacts (Telephone / mail) Information Sources: • Whois • Nslookup Whois Registrant: targetcompany (targetcompany-DOM) # Street Address City, Province State, Pin, Country Domain Name: targetcompany.COM Administrative Contact: Surname, Name (SNIDNo-ORG) email@example.com targetcompany (targetcompany-DOM) # Street Address City, Province, State, Pin, Country Telephone: XXXXX Fax XXXXX Technical Contact: Surname, Name (SNIDNo-ORG) firstname.lastname@example.org targetcompany (targetcompany-DOM) # Street Address City, Province, State, Pin, Country Telephone: XXXXX Fax XXXXX Domain servers in listed order: NS1.WEBHOST.COM XXX.XXX.XXX.XXX NS2.WEBHOST.COM XXX.XXX.XXX.XXX Nslookup Nslookup is a program to query Internet domain name servers. Displays information that can be used to diagnose Domain Name System (DNS) infrastructure. MX record reveals the IP of the mail server. Both Unix and Windows come with a Nslookup client. Locate the Network Range Commonly includes: • Finding the range of IP addresses • Discerning the subnet mask Information Sources: • Traceroute Hacking Tool: • Traceroute Traceroute Tracerouteis used to determine the route taken by packets across an IP network. In Windows the same tool is called tracert. Example Lab1: gathering information about wikipedia.org • whois (www.betterwhois.org) – Names of the DNS servers – ... • nslookup – obtain the DNS server's IP • traceroute – obtain the web server's name • nslookup – obtain the web server's IP Tool: VisualRoute Trace Tool: eMailTrackerPro eMailTrackerPro is the e-mail analysis tool that enables analysis of an e-mail and its headers automatically and provides graphical results Summary Information gathering. Footprinting renders a unique security profile of a target system. Whois can reveal public information of a domain that can be leveraged further. Traceroute and mail tracking can be used to target specific IP and later for IP spoofing. Nslookup can reveal specific users and zone transfers that can compromise DNS security.