Footprinting


Footprinting is the first step in the hacking process. In this method, hacker tries to gain as much information as possible about target which may lead to compromise the target.

Types of footprinting

1. Open source information gathering.
2. Information gathering with hacking tools.

Google Hacking


 It is an open source information gathering technique where hacker try to find important information about targets, like companies subdomains, IP addresses, email ID's, Employee's database, passwords and sites of the company which are vulnerable to hacking attacks through the help of special keywords used in google search engine is known as Google hacking.

 List of Google Dorks

1. inurl: login.asp or (php,aspx)


2. filetype: ppt ethical hacking 

  ( instead ppt you can also put doc,xls etc)


3. intitle: ethical hacking

4. inurl: ac.in filetype:xls name



5. inurl: view/index.shtml (unprotected cameras)

and there are lots of keywords like these which you can easily get on google.

 Now, we how to extract information.

Identifying registration details of a particular site.

this can be done using websites like "whois.domaintools.com", "who.is" or  "Pipl.com".

while gathering information with these techniques you should also be sure that you should be safe from getting identified.

for that, you can do Spoofing of IP address

There are software's which allows you to spoof your IP address.

List of VPN software's

1. Cyberghost VPN
2. Spotflux VPN
3. Ivacy VPN
4. Security Kiss VPN
5. Strong VPN
6. Hide my ass VPN
7. Hotspot shield VPN


Method to trace IP address using windows


go to command prompt and type this "tracert  www.xyz.com"


now after checking you can get that your data is getting leaked online which will increase the chances of you getting hacked!
so, I will suggest you some methods to make yourself secure and safe from getting hacked.

Footprinting countermeasures

1. Configure routers to restrict the responses of footprinting requests.

 2. Configure web server to avoid information leakage and disable unwanted protocols.

 3. Use intrusion detection system that can be configured to refuse suspicious traffic and pick up footprinting patterns.

 4. Evaluate the information before publishing it on the internet.

 5. Perform footprinting attacks and remove any sensitive information found.

 6. Use anonymous registration services to avoid information leakage in who is querries.

Next post will be on  " Scanning "

Comments

Post a Comment

Popular posts from this blog

Managing Output with Manipulators in C++

Well, when I started studying C++ or you can say when I was forced to study CPP I was like already I have Maths, Physics and Chemistry to study so why this shitty extra burden on my shoulders. But that subject which I was forced to study or having no other option instead of studying CPP became my passion now. Anyways that's a hell of a story! So, this piece of reading will give you an explanation about what are manipulators and how they are implemented in CPP. Manipulators By the name you might have already thought that this is going to be something related to manipulation of something. Well, you are on a right track So, you already got an idea what it is about I would like to make it clear that what is that "something". That something is nothing but Input and Output operations. Well, in this post we will be focusing mainly on Managing Output with Manipulators. Lets, start the boring thing! The header file iomanip provides a set of functions call
Read more

What is sniffing?

Image
Wiretapping is a process of monitoring the telephone and internet conversations by a third party attackers connect a hardware or software or combination of both to the switch carrying information between two phones or hosts on the internet. Types of wire taping 1. Active wire taping : It only monitors, records the traffic (silently) and also alters the traffic. 2. Passive wire taping : It only monitors and records the traffic. Sniffing attacks are vulnerable to following protocols. 1. Telnet 2. FTP 3.SMTP 4. HTTP 5. POP3 6. NTP 7. IMAP 8. SNMP 9. RDP In network sniffing attacks are mostly done on data link layer and network layer of OSI reference model based switches Recommended sniffing tool is Wireshark.  Wireshark is available for both windows and Linux , it is the best tool for sniffing and it's absolutely free . You can download Wireshark from their official site  Wireshark download . Session Hijack
Read more

Creating a bootable USB.

A lot of people just asks me how to create a bootable USB easily. The funny part is that they mainly ask how to make it for Linux, I mean bro, if you don't know even how to make a bootable USB then you better should stick with windows OS, because it suits you better, but for the people who are reading this article for creating bootable USB, guys, first of all, I will tell you the simplest method. Don’t expect from me to explain to you how to make it using the command prompt. So, all you need is one software of 1 MB, your ISO file, a computer and yeah USB. So, just download the software Rufus from their official site(first link after typing Rufus on Google). Then make sure your ISO image file is downloaded. Now run the Rufus.exe file and then select the USB disk, from the first 'disk' option then in the bottom right of the application there will be a mall option.  Looking like a CD mounted on HDD. Click on that and select the ISO image file. A
Read more