Basic Guide to Footprinting

7:57 AM Article by Unknown

What is Footprinting?

Footprinting is basically the first step of the hacking which is used by Hackers and penetration testers for gathering information about a server where a website is hosted, A hacker does footprinting in-order to find weakness and security holes of the server through which it can be rooted (Hacked) and same is the Job of penetration tester but often hackers do this for bad purpose but a penetration tester is hired to do this inorder to increase security.The purpose of footprinting to
learn as much as you can about a system of the server, it's remote access capabilities, its ports and services which are running behind it,Registrar queries,DNS queries, and the aspects of its security. All kinds of Hacking Must start with footprinting if you are targeting a specific server and system. This is the start of a successful attack on a system, and you can get much information depending upon your skills.

Types of Footprinting and their Explanation:-

Below are types of footprinting and their sub-branches:-

Open Source Footprinting:-

It is a type of most safest footprinting as it is in legal limits and you can do it without any fear that if you are doing any kinda illegal task. It includes finding basic information which is majorly present for public use too, Like finding out the phone numbers, Emails Addresses, performing who is request for the domain name, searching through DNS tables, and scanning certain ip addresses through automated tools (I,ll post them later with detailed info, of usage), and searching out some common means of finding information about the server system and owner.
Many of the companies post a large amount of information about them self at the their own website without realizing the fact that it can be useful for a hacker too, also sometimes in HTML and coding comments are present which themselves give hackers a lot of information about coding. As comments are present their to tell a coder about the function of some specific code.

Network Enumeration:-

Network enumerating is a computing activity in which user names, and info on groups, shares and services of networked computers are retrieved. It should not be confused with Network mapping which only retrieves information about which servers are connected to a specific network and what operating system is run on them. It includes identifying the domain name and also searching for the registrar information since companies domains are listed with registrar information. The hacker simply needs to know which registrar the company is listed with. There are
five types of queries listed under this section which are as follow:

Registrar Queries:
Registrar Queries or WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.

Organizational Queries:
This is searching a specific registrar to obtain all instances of the target's name. The results show many different domains associated with the company as it may use a large number of domains with its dedicated server or system you can say.

Domain Query:
A domain query is based off of results found in an organizational
query. Using a domain query, you could find the company's address, domain name,
administrator and his/her phone number, and the system's domain servers as while registering a domain this is included in registration forum. The administrative contact could be very useful to a hacker as it provides a purpose of how to do social engineering. so this is where social engineering comes into play. Many administrators now post false phone numbers to protect themselves from this so that they may not be fooled so easily.

POC Query:
This query finds the many IP adresses a machine may have which are majorly public and are associated with machine.

DNS Interrogation:-

After gathering the information needed using the above techniques, a hacker would begin to query the DNS using tools. A common problem with system administrators is allowing untrusted, or worse, unknown users, to perform a DNS Zone Transfer. Many freeware tools can be found on the internet and can be used to perform DNS interrogation. Tools such as nslookup, for PC, and AGnet Tools, for Mac, also in Linux flavor many open source applications are present for this purpose. I,ll do write about them separately in other articles.

Similar common Tricks and Techniques regarding Footprinting:-

OS Indentification:
This involves sending illegal ICMP (Internet Control Message Protocol) or (TCPTransmission Control Protocol) packets to a machine for identifying Operating system used on server or machine in simple words.

Ping Sweep: Try Pinging Different IP addresses found by you during Footprinting:-
Try Pinging Different IP addresses found by you so that you may figure out that which IP is alive in-order to scan for open ports later.

Performing TCP Scans:
Scan ports on machines to see which services are offered by system. TCP scans
can be performed by scanning a single port on a range of IPs (Many IPs But checking one port on them), or by scanning a range of ports on a single IP (Many Ports but on a sinle IP). Both techniques will produce helpful information for hacker and you.

Performing UDP Scans:
Send garbage UDP packets to a desired port. Well normally don't perform
UDP scans a whole lot because most machines show and reply with an ICMP 'port unreachable' message. Meaning that no service is available, most of the advanced machines and servers show this behavior.