Printed by: ranarajnish2S@gmail.com. Printing is for personal, private use onily. No part of this book may be reproduced or transmitted without publisher's prior permission, Violators will be prosecuted. Fonisrmane ana feconavonce Information Obtained in Footprinting System information cation ole servers ‘rane and ocaton cas ubiy aalable ema Sackrourd ofthe eesiont Web ecnolgies Ns arte, press eleesen, Sndretated docoments | @ ONS recrss Information Obtained in Footprinting > The major objectives of footprinting collecting the network inforration, system information, and organizational information of the target. By conducting footprinting across different network levels, you can gain information such as network blocks, spétific IP addresses, employee detalls, and so on. Such information can help attackers in galing access to sensitive data or performing various attacks on the target network, o * Organization Information: The information about an otgahization is available from its website. In addition, you can query the target's domain Fane against the Whois database and obtain valuable information. V ‘The information collected includes: y ©, ERiplGyee details (employee names/icntact addresses, designations, and work experience) , 44° Addresses and mobile/telephoneslimbers “© Branch and location details)” Partners of the organization We tks toctherdgponylted shes Bockeround of the oeaization We techalogis ews artes, rest releases, and ete documents Leg documents related othe oan eo oo oO Moda? age 0? ecatnacing ad Coteau Cope © EE eam ‘Antigsroe Reproaucton Esta) onaPrinted by: ranarajnish2S@gmail.com. Printing is for personal, private use onily. No part of this book may be reproduced or transmitted without publisher's prior permission, Violators will be prosecuted. Fonisrmane ana feconavonce ©. Patents and trademarks related to the organization ‘Attackers can access organizational information and use such information to identify key personnel and launch social engineering attacks to extract sensitive data about the entity. Network Information: You can gather network information by performing Whois database analysis, trace routing, and so on. ‘The information collected includes: (© Domain and sub-domains Network blocks , Network topology, trusted routers, and firewalls IP addresses of the reachable systems Whois records y (© DNS records and related information. + System Information: You can gather system/information by performing network footprinting, ONS footprinting. website footpfting, emall footprinting, and son, ‘The information collected includes: © Web server 0 oo 0 ° © Location of web servers > © Publicly avalable etal aguresses © Usernamesipassivords, and s0 on. Objectives of Footprinting Y To bull a hacking strate, attackers must gather informaljon about the target organization's network. They then use such information to identify, the easiest way to break through the organization's secbrity perimeter. As mentioned previously, the footprinting methodology makes it easy to gather information about the target orgafvdation and plays a vital ole inthe hacking process. Y 2 \ Footbyinting provides an outline of the seeufity posture, such as the placement of firewalls, proxies, and other security solutions. Hatkers can analyze the footprinting report to identify loopholes in the security posture ofthe target organization and build hacking plan accordingly. By using @ combination of tools"and techniques, attackers can take an unknown entity (for example, XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, in addition to other Getails pertaining tos security posture. A detailed footprint provides maximal information about the target organization, allowing the attacker to identity vulnerabilities inthe target systems to select appropriate exploits. Attackers can build their own information database regarding the security weaknesses of the target Moda? age 08 ecatnacing ad Coteau Cope © EE eam ‘Antigsroe Reproaucton Esta) onaPrinted by: ranarajnish2S@gmail.com. Printing is for personal, private use onily. No part of this book may be reproduced or transmitted without publisher's prior permission, Violators will be prosecuted. Footprinting Methodology ~ Now that you are familiar with footprintingieancepts and potential threats, we Wdiscuss the footprinting methodology. The footprinting methodology is a procedure "or collecting information about 2 target ion from all available sources,.[tyivolves gathering information about a target on such as URLs, locations, establishrhent detalls, number of employees, specific range of domain names, contact information, and other related information. Attackers colleetthis information from publicly acceSsiblé sources such as search engines, socal networking sites, Whois databases, and so on. The-diagram given below lustrates the commontechriques dSedt colt information about the trget organization rom diferent sources. y _/ ° Moda? Page 10 ecatnacing ad Coteau Cope © EE eam ‘Antigsroe Reproaucton Esta) onaPrinted by: ranarajnish2S@gmail.com. Printing is for personal, private use onily. No part of this book may be reproduced or transmitted without publisher's prior permission, Violators will be prosecuted. soln gure: FootoretingTeehlgues Moda? age 8 ecatnacing ad Coteau Cope © EE eam ‘aii acron Rproaucton Hse ay rmaPrinted by: ranarajnish2S@gmail.com. Printing is for personal, private use onily. No part of this book may be reproduced or transmitted without publisher's prior permission, Violators will be prosecuted. Fonisrmane ana feconavonce Footprinting Using Advanced Google Hacking Techniques ¢ { EH |& Goorle hacking refers othe use of advanced Google search operators for creating complexsearch ‘queries to extract sensive hidden information that helps attackers find vulnerable targets Footprinting Using Advanced Google Hacking Techniques ~ Google hacking refers to the use of advatited Google search operators for crBatihg complex ‘search queries to extract sensitive of hidden information. The accessed information is then used by attackers to find vulnerable targets; Footprinting using advanced Googléfigcking techniques invoives locating specific strings of téxt within search results using advanted operators in the Google search engine.. eo ‘Advanced Google hacking refers to the art of creating complex search engine queries. Queries can retrieve valuable data ebout a target company from Google séarch results. Through Google hacking, an attatker tries to find websites that are vulnerable to exploitation. Attackers can use ‘the Google Hacking Database (GHDB), a database of queties, to identify sensitive data. Google ooeagetl habit the requed wat ood eves Frelcnn et, Usngsdvoned Google SE Water es ont octc en atte wrpeche oo ommntiones ‘applications. When a query without advanced! a ‘operators is specified, Google traces the pe Se eee. ational e ee iapsd Sort’ march Conde ofts sony seach apres These seen oper haf tarow doe he eas uc ang ox reo sere ode ie aki cn oper a ie ek Note: Do not enter any spaces between the operator and the query. Moda? age ecatnacing ad Coteau Cope © EE eam ‘Antigsroe Reproaucton Esta) ona