
Foot printing and Enumeration
Foot printing

Foot printing is one of the initial
stages of the hacking methodology

It is used to collect as much
information as possible about the
target system and/or network

It involves getting information about the
target network topology, performing DNS
and WHOIS queries, finding out the
versions of remote operating systems and
application software, and then
consolidating this information to build
further attacks.

It helps determine strengths and
weaknesses of the target network. It gives
information about the critical assets in that
target network so that more emphasis can
be placed on exploiting those.
Foot printing in practice

Website foot printing: This involves getting information
about the target website.

For example, http://www.netcraft.com/ is a website that
offers rich footprinting services.

Another useful website, http://www.bulkdachecker.com/url-extractor/,
helps extract all the links in the target website.


Email foot printing: This technique involves
gathering information about the email
recipient by using various tracing and
tracking techniques.

Email Tracing: The email header can
reveal a lot of useful information about the
sender. For example, the site
http://www.traceemail.com/trace-email-header.html
allows users to trace an email
just by copy-pasting the email header into
the Trace utility.
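An added example (not part of the original slides) of what header tracing works from: it walks the Received headers of a constructed message, oldest hop first, and flags any hop that exposes an RFC 1918 address. The name trace_hops and all hostnames and addresses are illustrative assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers (not a real message). Public addresses come from
# the RFC 5737 documentation ranges; 10.1.2.3 stands in for an internal client.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTP id abc123;
\tTue, 02 Jan 2024 10:00:05 +0000
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from [10.1.2.3] (unknown [10.1.2.3])
\tby mail.example.com with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 10:00:01 +0000
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return the relay path oldest hop first (servers prepend, so reverse)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        # Unfold the header, then split the trace fields from the timestamp.
        head, _, stamp = " ".join(value.split()).rpartition(";")
        helo = re.search(r"\bfrom (\S+)", head)
        by = re.search(r"\bby (\S+)", head)
        ip = IP_RE.search(head)
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            addr = None  # bracketed text was not a valid IPv4 address
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None  # malformed or missing timestamp
        hops.append({
            "helo": helo.group(1) if helo else None,  # name claimed by the sender
            "by": by.group(1) if by else None,        # server that wrote this line
            "ip": str(addr) if addr else None,        # address seen by that server
            "internal": bool(addr) and any(addr in n for n in RFC1918),
            "time": when,
        })
    return hops
```

Only the Received line written by your own receiving server is trustworthy; earlier lines can be forged by the sender.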


Email Tracking: This technique involves sending an
email to a recipient in order to track the location and
other details of the target user.

www.readnotify.com is a website that allows users to
track emails sent through this service. It works as
follows:
• A user sends an email to the target recipient using
readnotify.
• The receiver receives the email and opens it.
• As soon as the receiver opens the email for
reading, the sender receives a notification that the
mail was opened along with location and other
details.
WHOIS Search

Querying the WHOIS database returns
the domain registrant information

To find out registrant information for
any website, one can use
https://whois.icann.org
Foot printing using Google

Google offers several advanced search operators that
help narrow down the search results to extract the
exact information needed.


For more interesting Google search operators, visit
https://www.exploit-db.com/google-hacking-database/

DNS Foot printing

DNS servers contain a wealth of information in the form of
internal IP addresses, host names, and pointers to other
servers.


This information can be extracted to build a further attack.


The site www.dnsstuff.com offers various tools for
interrogating the remote DNS server.
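An added example (not from the original slides) that audits a zone file you administer for the exposure described above: A records that publish RFC 1918 addresses, and records that point at other servers. The zone contents and the name audit_zone are constructed for illustration; the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# Constructed zone data (example.com with RFC 5737 and RFC 1918 addresses).
ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN  NS     ns1.example.com.
@        IN  MX 10  mail.example.com.
www      IN  A      203.0.113.10
mail     300 IN A   203.0.113.25
intranet IN  A      10.20.0.5      ; internal host in the public zone
db01     IN  A      192.168.50.12
vpn      IN  CNAME  gw.partner.example.net.
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TYPES = {"A", "NS", "MX", "CNAME"}

def audit_zone(text):
    """Return (leaks, pointers) for a one-record-per-line zone file."""
    origin, leaks, pointers = "", [], []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0] == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue
        # Skip the optional TTL and class to locate the record type.
        idx = next((i for i, f in enumerate(fields[1:], 1) if f.upper() in TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        name = fields[0]
        owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        rtype, rdata = fields[idx].upper(), fields[idx + 1:]
        if rtype != "A":
            pointers.append((owner, rtype, rdata[-1]))  # server this name points to
            continue
        try:
            addr = ipaddress.ip_address(rdata[0])
        except ValueError:
            continue  # malformed address, nothing to classify
        if any(addr in net for net in RFC1918):
            leaks.append((owner, rdata[0]))
    return leaks, pointers
```

Records flagged in leaks belong in an internal-only view (split-horizon DNS) rather than in the zone served to the Internet.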
People search and social
networking sites

A useful website, other than the
popular social networking sites, is
pipl.com
Searching devices with
Shodan

Shodan is a special-purpose search
engine for security enthusiasts that
helps find devices, passwords,
databases, and webcams over the Internet
using specialized queries. Shodan is
located at https://www.shodan.io.
Maltego search engine

Maltego (https://www.paterva.com)
is an advanced search tool that
searches for the subject across the
Internet and creates a relationship
graph between the searched entities.
Enumeration

Enumeration is a process of retrieving
information like usernames, default credentials,
host names, network shares, and services from
the target system

This is done by creating a connection with the
target system and then making relevant
queries to extract the required information.
Common Enumeration
Tools

Nbtstat: A simple tool for diagnosing
NetBIOS over TCP


It is included by default in many
versions of Microsoft Windows.

Though its basic purpose is to
troubleshoot NetBIOS name resolution
problems, it can be used for NetBIOS
enumeration as well.

Using NetBIOS enumeration, the following
information can be obtained:

• A list of computers/hosts connected in a
particular domain

• A list of shares on individual hosts

• Domain policies

Superscan: Superscan is another useful
tool from McAfee that does IP scanning,
host and service discovery, port scanning,
zone transfers, and Windows
enumeration.

The Finger command: Finger is a
commonly used Linux/Unix utility for
finding out information about computer
users. By querying with Finger, one can
get login name, full name, home directory,
shell path, last login details, and so on.

Enumerating default passwords: Almost all
devices, equipment, and appliances
available on the market come with a default
password for first-time access.

Sometimes an administrator forgets to
change the default password once the
device is configured.

Such devices are vulnerable to a password-
guessing attack. Default passwords can
easily be enumerated using the website
www.defaultpassword.com

Netscantools Pro: Netscantools Pro is a
suite of utilities for network foot printing
and enumeration. It offers various services
like ARP scan, OS fingerprinting, SMB
enumeration, WHOIS, Packet Generator
and Flooder, and others.
Summary

• Footprinting is one of the initial stages of the hacking methodology and
is used to collect information about the target system and/or network.

• Website footprinting, email footprinting, and DNS footprinting are some
of the common types of footprinting.

• Enumeration is a process of retrieving information such as usernames,
default credentials, host names, network shares, and services from the
target system.

• NMAP, Superscan and Netscantools Pro are some of the tools used
for host and service discovery and network enumeration
