What is Footprinting?
Footprinting is the process of collecting as much information as possible about a target network in order to identify the various ways to intrude into an organization’s network system.
Footprinting is the first step of any attack on an information system: the attacker gathers publicly available sensitive information and uses it to perform social engineering, system and network attacks, etc., which can lead to huge financial loss and loss of business reputation.
Footprinting allows attackers to learn the external security posture of the target organization.
Reduce Focus Area
It reduces the attacker’s focus area to a specific range of IP addresses, networks, domain names, and remote access.
Identify Vulnerability
It allows the attacker to identify vulnerabilities in the target systems in order to select appropriate exploits.
Draw Network Map
It allows attackers to draw a map or outline of the target organization’s network infrastructure, so that they know the actual environment they are going to break into.
Objectives of Footprinting
Collect Network Information
Domain names, internal domain names, network blocks, IP addresses of the reachable systems, private websites.
TCP and UDP services running, access control mechanisms and ACLs, networking protocols, VPN points.
IDSes running, analog/digital telephone numbers, authentication mechanisms, system enumeration.
Collect System Information
User and group names, system banners, routing tables, SNMP information.
System architecture, remote system type, system names, passwords.
Collect Organization’s Information
Employee details, the organization’s website, company directory, location details, addresses and phone numbers, comments in HTML source code.
Security policies implemented, web server links relevant to the organization, background of the organization, news articles, press releases.
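Several of the items above (internal domain names, IP addresses, employee contacts, comments in HTML source code) can be checked by a site owner before publishing. The following is an added example, not part of the original article: it audits the HTML comments of your own page for such leaks. The internal DNS suffixes and the sample page are constructed assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser

# Assumption: internal DNS suffixes of the organisation being audited.
INTERNAL_SUFFIXES = (".corp.example", ".internal")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)
KEYWORD_RE = re.compile(r"\b(?:password|passwd|todo|fixme|vpn)\b", re.I)

class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a page."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)

def audit_html(html):
    """Return sorted (category, value) findings from a page's HTML comments."""
    collector = CommentCollector()
    collector.feed(html)
    findings = set()
    for comment in collector.comments:
        for candidate in IPV4_RE.findall(comment):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 999.1.1.1 or a version string
                continue
            if any(addr in net for net in RFC1918):
                findings.add(("private-ip", candidate))
        findings.update(("email", e.lower()) for e in EMAIL_RE.findall(comment))
        findings.update(("internal-host", h.lower()) for h in HOST_RE.findall(comment)
                        if h.lower().endswith(INTERNAL_SUFFIXES))
        findings.update(("keyword", k.lower()) for k in KEYWORD_RE.findall(comment))
    return sorted(findings)

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><body>
<!-- TODO: switch back to db01.corp.example (10.20.30.40) after migration -->
<!-- contact jane.doe@example.com for the staging password -->
<!-- CDN served from 203.0.113.7 -->
</body></html>"""
```

Running `audit_html` over rendered pages in a release pipeline lets you strip flagged comments before they reach a public web server.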
Footprinting Through Search Engines
Attackers use search engines to extract information about a target, such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other types of advanced system attacks.
Search for the target company’s external URL in a search engine such as Google, Bing, DuckDuckGo, etc.
Use the Netcraft tool to determine the OS in use by the target organization.
Also use the SHODAN search engine, which lets you find specific computers (routers, servers, etc.) using a variety of filters.
Collect Location Information
Google Earth: use the Google Earth tool to get the physical location of the target.
People Search: Social Networking Sites/People Search Services
Social networking sites such as Facebook, Twitter, Instagram, LinkedIn, etc. are a great source of personal and organizational information.
Gather Information From Financial Services
Financial services provide useful information about the target company, such as the market value of the company’s shares, company profile, and competitor details.
Originally published at https://exploitbyte.com on November 19, 2019.