Hacking 101 — Footprinting (Theory Part-1)

Hacking 101 — Footprinting (Theory Part-1)

Hello Guys! So, as we ended up with the first article about the Basic Concepts of Networking-OSI Model and TCP/IP Model. This day, we start with some tweaking related to the Footprinting and Reconnaissance.

Have you ever come across an episode of SHERLOCK? If not, I would definitely suggest you to. Ever, witnessed a detective trying to trace the attacker following the prints and the hints left behind. What if there is nothing left to work upon? Will the mystery solve? Similarly, if you want to apply any penetration test or vulnerability assessment on a device or want to gain its access, Footprinting makes it easy to get to know about the whereabouts of the device.

What is Footprinting?

Footprinting allows you to gather information about the device on which you are trying VA/PT. This helps you to gain information on the target PC. Now there are various factors on which the system tries to gain the information on as:-

Network information

Domains, Subdomains, IP addresses, Whois and DNS records

System information

Web server operating systems, Server locations, Users, Passwords

Organization information

Employee information, Organization’s background, Phone numbers, Locations

Now if we go for the objectives of the Footprinting, they are:-

• Learn security posture Analyze the security posture of the target, find loopholes, and create an attack plan.
• Identify focus area Using different tools and techniques, narrow down the range of IP addresses.
• Find vulnerabilities Use the collected information to identify weaknesses in the target’s security.
• Map the network Graphically represent the target’s network and use it as a guide during the attack.

There are two types of footprinting — Active and Passive

When an attacker is in direct contact with the user or the victim to gain the information it’s known as ACTIVE FOOTPRINTING eg calling the victim etc.

This Includes:-

1. Performing WHOIS analysis
2. Performing Social Engineering
3. Performing Traceroute
4. Querying Published name server
5. Extracting DNS information
6. Using e-mail tracking
7. Web spiders

If the attacker tries to juice out information from the victim without coming into direct contact it’s said to be PASSIVE FOOTPRINTING eg Social Media information gathering etc.

This Includes:-

1. Finding Information with the help of Search Engines
2. Finding the TLD’s(Top-Level Domains) and Sub-Domains
3. Extract Information by the internet archive
4. Monitoring the website traffic of the victim
5. Tracking the online reputation of the target.

Now as we know why and where do we need Footprinting for, let us go for the HOW?

So Footprinting can be done by these methods.

1. Footprinting through search engines.
2. Footprinting through web services
3. Email Footprinting
4. Website Footprinting
5. Footprint through Social Network
6. Competitive Intelligence
7. Whois Footprinting
8. Network Footprinting
9. DNS Footprinting
10. Footprinting through Social Engineering

So as we have covered the methods and concepts of Footprinting, we will proceed with the tools and countermeasures for it in the coming up thread.

PS: We’ll be needing ParrotOS or KALI in the next thread.

Till then!!

Happy Reading :-)

-Amber Mishra