Skip to main content

Chapter 2: Footprints

Foot-printing is an art of gathering minute details of the target like IP, OS, Software installed, Security Systems, Location, Owners, Emails, Personal data etc. A hacker gathers all the details needed to break into the system. There are numerous ways to do this and also various tools and tricks available for this. Lets discuss some of them so that we can have some idea of what foot-printing is.

Foot-printing can be categorized into two types on the basis of access mode.
a) Active Mode
b) Passive Mode
                               

a) In Active Mode, the attacker makes actual contact with the target system. The active method includes process such as email tracking, website mirror, server confirmation.
  • Email Track: Examine email path from where is email coming, the IP, the path it took. Tools like Email Tracker Pro(Link at bottom) provide such details. these details are used to trace the fake mail's source IP's, location and path. For this tracking, the email header must be known. There are numerous tutorials on you tube on how to get email headers from email and it is straightforward.
  • Website Mirror: The content of a website are downloaded into local system for offline usage and analysis. In this way, the attacker doesn't necessarily need to be online to be accessing the site. This is kind of safe method for footprinting. Online tools like HTTracker Website Copier(Link at bottom) can perform these tasks.
  • Server Confirmation: Confirmation regarding the reachability of servers. Inquiry of the path from attacker to target, time to reach target and performance of link when on load etc are the test that has to be made for footprinting. Terminal commands such as ping, tracert etc are useful for such operations. 
b) In Passive Mode, the attacker doesn't makes actual/direct contact with the system of target, rather it gains valuable information from external resources such as google, social networking sites, who is , DNS lookup etc. For this an attacker can either use web app or some kind of software tools.


  • Web App
  1.  Google Hacking Database : hackersforcharity.org , exploit-db.com are websites where vulnerabilities of various websites are presented in a structured way under categories of vulnerabilities. Hackers use these websites to know the weakness of various targets.
  2. Individual Searching:  Sites like https://www.spokeo.com/  take data from many social networking sites and other part of internet for personal info such as cell number, email, residence,age etc.
  3. Website Informer: website.informer.com is a website that provides details of a website such as IP , location, owner of website, domain, associated emails, DNS, creation date and expiry date of domain, associated phone numbers and much more. These kind of information can be very valuable for a hacker. 
 
  • Software Tools:  Tools such as Google Hack can be very helpful to a hacker. This tool allows optimized search in google and provide very precise result for what we look for. We can search for specific contents such as books, music, videos, torrents, cache, applications etc. This tool presents the result which would otherwise be nearly impossible to achieve with normal google search.  


So, today we learned some basic concepts of Footprinting and saw some tools and tricks to gather information from. This is an important step for an ethical hacker. I strongly recommend all to once go through the software's and tools above listed in italics, to be familiar with general practice of footprinting. In next chapter, we will discuss about Proxy.
 Some useful links are provided below.  

  • HTTracker Website Copier: http://www.httrack.com/
  • Email tracker pro: http://www.emailtrackerpro.com/
  • Google hack: https://google-hacks.soft112.com/download.html
  • Website Informer: http://website.informer.com/
  •  Spokeo: https://www.spokeo.com/

Disclaimer: By publishing this article and this series of complete ethical hacking, I , by no means encourage any of malicious hacking attempt and am myself against such attempts.



Labels:

Comments

Post a Comment

Popular posts from this blog

Brief Background Of Culture of Nepal

Today's Nepal is a unified Nepal. Present Nepal is the result of the unification of 46 smaller kingdoms. This unification was carried by the then His Majesty King Prithvi Narayan Shah. Nepal is lauded worldwide for its remarkable cultural practices. Today we will look how the present art and culture of Nepal came into existence and how its continuous development of took place in various instances of history. Three to four thousands year ago, the Neolithic matriarchal groups of Mongol, China and Bhote entered today's Kathmandu Valley. Since the Kathmandu valley was a lake then, these group settled themselves in the higher region of the hills surrounding the lake. Some of these places were Sankwo(today's Bajrayogini) and Puchwo(today's Phulchowki). The primary means of living were hunting and livestock. They also killed humans for meat. Only after learning the making of pots, these savage group started decreasing their nomadic behavior. Gradually they learn to start
2 comments
Read more

The Commencement

Hello to everyone reading this. On my first ever blog, I just want to tell that I am a guy who loves reading good stuff regardless of any theme and respect all those who have indulged themselves in this art, what I consider noble, of writing either as a profession or for a hobby. Since I like reading and being an avid reader I felt I should also start writing. Whenever I thought of writing I always wanted to share my writing experience too. What else is the better way in today's context than sharing on the web? I can easily reach considerably more people through the web than through any other medium. Hence after searching the internet on writing and sharing, I came to know about blogger. The best part is that it's free! HAHA! Basically, these are the guiding factors why I have started this blog and hope I can write some good texts and share my experience with as many as I can.  Myself being an Engineer professionally I assume that my texts may contain some technical pe
2 comments
Read more