Using Web Tools for Footprinting: A Comprehensive Guide, Assignments of Social Work

An in-depth exploration of using various web tools for footprinting, including competitive intelligence, DNS zone transfers, social engineering, and more. Learn how to gather information legally, identify methods for finding information about organizations, and protect against common attacks.

Typology: Assignments

2020/2021

Uploaded on 04/29/2021

shabir-ahmad-5
shabir-ahmad-5 🇵🇰

4

(1)

6 documents

1 / 47

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Hands-On Ethical
Hands-On Ethical
Hacking and Network
Hacking and Network
Defense
Defense
Chapter 4
Chapter 4
Footprinting and Social Engineering
Footprinting and Social Engineering
Last modified 2-23-09
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f

Partial preview of the text

Download Using Web Tools for Footprinting: A Comprehensive Guide and more Assignments Social Work in PDF only on Docsity!

Hands-On EthicalHands-On Ethical

Hacking and Network Hacking and Network

Defense Defense

Chapter 4 Chapter 4 Footprinting and Social Engineering Footprinting and Social Engineering Last modified 2-23-

Objectives Objectives

Use Web tools for footprintingUse Web tools for footprinting

Conduct competitive intelligenceConduct competitive intelligence

Describe DNS zone transfersDescribe DNS zone transfers

Identify the types of socialIdentify the types of social

engineering engineering

Web Tools for Footprinting Web Tools for Footprinting

Conducting Competitive Conducting Competitive

Intelligence Intelligence

Numerous resources to findNumerous resources to find

information legally information legally

Competitive IntelligenceCompetitive Intelligence

  • (^) Gathering information using technologyGathering information using technology 

Identify methods others can use to findIdentify methods others can use to find

information about your organization information about your organization

Limit amount of information companyLimit amount of information company

makes public makes public

Analyzing a Company’s Web Analyzing a Company’s Web

Site (continued) Site (continued)

ParosParos

  • (^) Start ParosStart Paros
  • (^) Set proxy server in a browserSet proxy server in a browser
  • (^) Then go to a site in the browserThen go to a site in the browser  mtsconsulting.net is a good testmtsconsulting.net is a good test
  • (^) Analyze -> Spider to find all the pagesAnalyze -> Spider to find all the pages

Setting a Proxy Server in Firefox Setting a Proxy Server in Firefox

  • (^) ToolsTools
  • (^) OptionsOptions
  • (^) AdvancedAdvanced
  • (^) SettingsSettings 

Then go toThen go to

  • (^) mtjconsulting.commtjconsulting.com

Scan Results Scan Results

In Paros:In Paros:

  • (^) AnalyzeAnalyze
  • (^) ScanScan 

Finds securityFinds security

risks in a site risks in a site

Again, don’t scanAgain, don’t scan

sites without sites without

permission! permission!

Using Other Footprinting Tools Using Other Footprinting Tools

WhoisWhois

  • (^) Commonly used toolCommonly used tool
  • (^) Gathers IP address and domainGathers IP address and domain information information
  • (^) Attackers can also use itAttackers can also use it 

Host commandHost command

  • (^) Can look up one IP address, or the wholeCan look up one IP address, or the whole DNS Zone file DNS Zone file  All the servers in the domainAll the servers in the domain

Sam Spade Sam Spade

GUI toolGUI tool

AvailableAvailable

for UNIX for UNIX

and and

Windows Windows

Easy to useEasy to use

Using E-mail Addresses Using E-mail Addresses

E-mail addresses help you retrieveE-mail addresses help you retrieve

even more information than the even more information than the

previous commands previous commands

Find e-mail address formatFind e-mail address format

  • (^) Guess other employees’ e-mail accountsGuess other employees’ e-mail accounts 

Tool to find corporate employeeTool to find corporate employee

information information

  • (^) Groups.google.comGroups.google.com

Using Netcat as Using Netcat as a Browser a Browser 

Use Ubuntu LinuxUse Ubuntu Linux

nc www.ccsf.edu 80nc www.ccsf.edu 80

HEAD / HTTP/1.0HEAD / HTTP/1.

  • (^) Gets headerGets header 

GET / HTTP/1.0GET / HTTP/1.

  • (^) Gets whole Web pageGets whole Web page
  • (^) OpenOpen www.ccsf.eduwww.ccsf.edu in a browser andin a browser and compare to source code compare to source code  Activity 4-3 in your book does not workActivity 4-3 in your book does not work