1.10 Footprinting through Social Engineering

My summary of module 02 (Footprinting) from the CEH material

So far, we have discussed the different techniques for gathering information either with the help of online resources or tools. Now we will discuss footprinting through social engineering, the art of obtaining information from people by manipulating them. This section covers the concept as well as the techniques used to gather information.

Social engineering is a totally non-technical process in which an attacker misleads a person into providing confidential information unknowingly. In other words, the target is unaware of the fact that someone is stealing confidential information. The attacker takes advantage of the helpful nature of people and their willingness to provide confidential information.

To perform social engineering, an attacker first needs to gain the confidence of an authorized user and then mislead that user into revealing confidential information. The goal of social engineering is to obtain the required confidential information and then use it for hacking attempts such as gaining unauthorized access to the system, identity theft, industrial espionage, network intrusion, committing fraud and so on. The information obtained through social engineering may include credit card details, social security numbers, usernames and passwords, other personal information, security products in use, OS and software versions, IP addresses, names of servers, network layout information and so on.

Social engineering can be performed in many ways, such as eavesdropping, shoulder surfing, dumpster diving, impersonation, tailgating, third-party authorization, piggybacking, reverse social engineering and so on.

Collecting Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

Eavesdropping, shoulder surfing, and dumpster diving are social engineering techniques widely used to collect information from people.

  • Eavesdropping

    Eavesdropping is the act of secretly listening to the conversations of people over a phone or video conference without their consent. It also includes reading confidential messages from communication media such as instant messaging or fax transmissions. It is the act of intercepting communication of any form such as audio, video, or written without the consent of the communicating parties. The attacker gains information by tapping the phone conversation, and intercepting audio, video, or written communication.

  • Shoulder Surfing

    Shoulder surfing is a technique where attackers secretly observe the target to gain critical information. In the shoulder surfing technique, an attacker stands behind the victim and secretly observes the victim’s activities on the computer, such as keystrokes while entering usernames, passwords and so on. The technique is effective in gaining passwords, personal identification numbers, security codes, account numbers, credit card information, and similar data. Attackers can easily perform shoulder surfing in a crowded place, as it is relatively easy to stand behind and watch the victim without his or her knowledge.

  • Dumpster Diving

    This uncouth technique, also known as trashing, involves the attacker looking for information in garbage bins. The attacker may gain vital information such as phone bills, contact information, financial information, operations-related information, printouts of source code, printouts of sensitive information and so on from the target company’s trash bins, printer trash bins, sticky notes at users’ desks and so on. The attacker may also gather account information from ATM trash bins. This information can help the attacker to commit further attacks.

Footprinting Tools

Attackers are aided in footprinting with the help of various tools. Many organizations offer tools that make information gathering an easy task. This section describes tools intended for obtaining information from various sources.

Footprinting tools are used to collect basic information about the target systems in order to exploit them. Information collected by footprinting tools contains the target’s IP location information, routing information, business information, address, phone number and social security number, details about the source of an email or a file, DNS information, domain information and so on.

  • Maltego

    Source: https://www.paterva.com Maltego demonstrates the complexity and severity of single points of failure as well as trust relationships that exist within the scope of the infrastructure. The unique perspective that Maltego offers to network and resource-based entities is the aggregation of information posted all over the internet. The application can be used to determine the relationships and real-world links between people, social networks, companies, organizations, websites, Internet infrastructure (domains, DNS names, Netblocks, IP addresses), phrases, affiliations, documents, and files.

  • Recon-ng

    Source: https://bitbucket.org Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng avoids competing with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. It is a Web Reconnaissance framework with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, that provides an environment in which open source web-based reconnaissance can be conducted.

  • FOCA

    Source: https://www.elevenpaths.com FOCA is capable of scanning and analyzing a wide variety of documents, the most common being Microsoft Office, Open Office, or PDF files. Features:

    • Web Search - Searches for hosts and domain names through URLs associated with the main domain. Each link is analyzed to extract new host and domain names from it.
    • DNS Search - Checks each domain to ascertain which host names are configured in its NS, MX, and SPF records, in order to discover new host and domain names.
    • IP Resolution - Resolves each host name through DNS to obtain the IP address associated with that server name. To perform this task accurately, the tool also performs the lookup against the organization’s internal DNS.
    • PTR Scanning - To find more servers in the same network segment as a discovered IP address, FOCA executes a PTR record scan of that segment.
    • Bing IP - For each IP address discovered, FOCA launches a search for new domain names associated with that IP address.
    • Common Names - Performs dictionary attacks against the DNS.
  • Recon-Dog

    Source: https://github.com Recon-Dog uses APIs to collect information about the target system. Features:

    • Whois Lookup - Searches for information regarding a target domain name.
    • DNS Lookup + Cloudflare Detector - Checks a target domain using DNS (Domain Name System) lookup in order to find new domain names and connected hosts.
    • Zone Transfer - Searches for vulnerabilities in the DNS zone transfer configuration.
    • Port Scan - Probes a target system or a server for open ports in order to exploit them.
    • HTTP Header Grabber - Gathers information about the type and version of the software a target system is running.
    • Honeypot Detector - Detects the presence of a honeypot on a target’s system. A honeypot contains data about the system that looks legitimate and is monitored continuously in order to detect any malicious activity, which is blocked afterwards.
    • robots.txt Scanner - Scans the target system’s robots.txt file, which is used to give instructions to web crawlers. Flaws in the robots.txt file can allow an attacker to gain access to unauthorized locations of a website.
    • IP Location Finder, Traceroute, and Link Grabber
  • OSRFramework

    Source: https://github.com OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence tasks, checking users, domains, and more across over 200 separate services. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction, and many others. At the same time, by means of ad-hoc Maltego transforms, OSRFramework provides a way of making these queries graphically as well as several interfaces to interact with, like OSRFConsole or a Web interface.

    Tools included in the OSRFramework package:

    • usufy.py — Checks for a user profile in up to 290 different platforms
    • mailfy.py — Checks for the existence of a given mail address
    • searchfy.py — Performs a query on the platforms in OSRFramework
    • domainfy.py — Checks for the existence of domains
    • phonefy.py — Checks for the existence of a given series of phones
    • entify.py — Uses regular expressions to extract entities
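
The FOCA steps listed above (DNS search, IP resolution, PTR scanning) are worth seeing from the defender's side: what does your own zone give away through the NS, MX and SPF records you publish? The script below is an added example, not FOCA's code. It walks the three steps over constructed data: a constructed record set for the hypothetical domain example.com, a constructed forward-resolution table, and a constructed PTR table, so it runs offline; in a real audit the tables would be replaced by live resolver queries.

```python
"""Audit what a domain's own NS, MX and SPF records expose, following the
FOCA workflow: DNS search -> IP resolution -> PTR scan of the discovered
segments.

Added example, not FOCA's code. Every record, forward answer and PTR answer
below is constructed so the script runs offline; a real audit would query
the resolver (for example with dnspython) instead of these tables.
"""
import ipaddress
import re

DOMAIN = "example.com"   # hypothetical domain under audit

# Constructed zone data for the hypothetical domain above.
RECORDS = {
    "NS": ["ns1.example.com.", "ns2.dnshost.example.net."],
    "MX": ["10 mail.example.com.", "20 backup-mx.example.com."],
    "TXT": [
        '"v=spf1 ip4:203.0.113.0/28 a:web.example.com mx include:_spf.mailer.example.org -all"',
        '"some-site-verification=constructed-token"',
    ],
}

# Constructed forward answers (host -> IPv4, None when there is no A record).
FORWARD = {
    "ns1.example.com": "203.0.113.2",
    "ns2.dnshost.example.net": "192.0.2.53",
    "mail.example.com": "203.0.113.10",
    "backup-mx.example.com": "198.51.100.7",
    "web.example.com": "203.0.113.5",
    "_spf.mailer.example.org": None,
}

# Constructed reverse (PTR) answers for the 203.0.113.0/24 segment.
PTR = {
    "203.0.113.1": "gw.example.com",
    "203.0.113.2": "ns1.example.com",
    "203.0.113.5": "web.example.com",
    "203.0.113.9": "staging.example.com",   # appears in no forward record
    "203.0.113.10": "mail.example.com",
}

# SPF mechanisms/modifiers whose argument is a host name.
SPF_HOST_TERM = re.compile(r"^[+\-~?]?(a|mx|include|redirect|exists)[:=](.+)$", re.I)


def hosts_from_records(domain, records):
    """Collect host names named by NS, MX and SPF records (the DNS search step)."""
    hosts = set()
    for rr in records.get("NS", []):
        hosts.add(rr.rstrip(".").lower())
    for rr in records.get("MX", []):
        _priority, target = rr.split(None, 1)
        hosts.add(target.rstrip(".").lower())
    for txt in records.get("TXT", []):
        txt = txt.strip('"')
        if not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            m = SPF_HOST_TERM.match(term)
            if m:
                hosts.add(m.group(2).rstrip(".").lower())
            elif term.lstrip("+-~?").lower() == "a":
                hosts.add(domain)   # a bare "a" means the apex domain itself
    return hosts


def resolve_hosts(hosts, forward):
    """IP resolution step: keep only the hosts that have an address."""
    return {h: forward[h] for h in sorted(hosts) if forward.get(h)}


def segments(addresses, prefix=24):
    """The /24 segments the resolved addresses fall into."""
    return {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in addresses}


def ptr_scan(network, ptr):
    """PTR scan of one segment: every address that has a reverse name."""
    return {str(ip): ptr[str(ip)] for ip in network.hosts() if str(ip) in ptr}


def audit(domain, records, forward, ptr):
    """Run the three steps and report hosts that surface only through PTR records."""
    hosts = hosts_from_records(domain, records)
    resolved = resolve_hosts(hosts, forward)
    seen = {}
    for net in sorted(segments(resolved.values()), key=str):
        seen.update(ptr_scan(net, ptr))
    ptr_only = sorted(set(seen.values()) - hosts)
    return {"hosts": sorted(hosts), "resolved": resolved,
            "ptr_hosts": seen, "ptr_only": ptr_only}


if __name__ == "__main__":
    report = audit(DOMAIN, RECORDS, FORWARD, PTR)
    print("named in DNS records :", report["hosts"])
    print("resolved             :", report["resolved"])
    print("found only via PTR   :", report["ptr_only"])
```

The interesting output is `ptr_only`: hosts such as the constructed `staging.example.com` that no published record names but that a reverse sweep of the mail server's segment turns up anyway. The segment list is derived from every resolved address, so a third-party provider's range (the constructed `ns2.dnshost.example.net` here) is included too; when reviewing your own exposure, filter the segments down to the allocations you actually own before scanning.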
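
Two of the Recon-Dog checks listed above, the robots.txt scanner and the HTTP header grabber, are easy to turn around and run against a site you administer. The script below is an added example, not Recon-Dog's code: it parses a constructed robots.txt body, flags Disallow entries whose path names hint at non-public content (a crawler and an attacker read that file the same way), and lists the product/version strings a constructed set of response headers reveals. Both inputs are constructed so it runs offline; in practice you would fetch the file and the headers with an HTTP client and pass them in.

```python
"""Review what a web site discloses through its robots.txt and its HTTP
response headers, the two checks Recon-Dog lists as "robots.txt Scanner"
and "HTTP Header Grabber", from the site owner's side.

Added example, not Recon-Dog's code. The robots.txt body and the header
set are constructed so the script runs offline.
"""
import re

# Constructed robots.txt for a hypothetical site.
ROBOTS_TXT = """\
# constructed sample
User-agent: *
Disallow: /admin/
Disallow: /backup/
Disallow: /api/internal/
Allow: /public/
Sitemap: https://www.example.com/sitemap.xml

User-agent: Googlebot
Disallow: /staging/
Disallow:
"""

# Constructed response headers from the same hypothetical site.
RESPONSE_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=31536000",
}

# Path words suggesting a Disallow line hides something rather than merely
# steering crawlers; an attacker reads the file just as a crawler does.
SENSITIVE_HINTS = {"admin", "backup", "internal", "staging", "private",
                   "config", "old", "test", "dev"}

# Headers that commonly leak product names and versions.
DISCLOSING_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Generator")
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")


def parse_robots(text):
    """Parse robots.txt into {"rules": {agent: {"disallow": [..], "allow": [..]}}, "sitemaps": [..]}."""
    rules, sitemaps, agents, in_rules = {}, [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                       # rules already seen: a new group begins
                agents, in_rules = [], False
            agents.append(value)
            rules.setdefault(value, {"disallow": [], "allow": []})
        elif field in ("disallow", "allow"):
            in_rules = True
            if value:                          # an empty "Disallow:" allows everything
                for agent in agents:
                    rules[agent][field].append(value)
        elif field == "sitemap":
            sitemaps.append(value)
    return {"rules": rules, "sitemaps": sitemaps}


def sensitive_disallows(parsed):
    """Disallowed paths whose segments hint at non-public content."""
    found = set()
    for group in parsed["rules"].values():
        for path in group["disallow"]:
            words = {seg.lower() for seg in path.strip("/").split("/")}
            if words & SENSITIVE_HINTS:
                found.add(path)
    return sorted(found)


def version_disclosures(headers):
    """(header, product/version) pairs the response reveals; header names are case-insensitive."""
    by_name = {k.lower(): v for k, v in headers.items()}
    found = []
    for name in DISCLOSING_HEADERS:
        value = by_name.get(name.lower(), "")
        found.extend((name, token) for token in VERSION_RE.findall(value))
    return found


def review(robots_text, headers):
    """Summarize both disclosure checks for a site you administer."""
    parsed = parse_robots(robots_text)
    return {
        "sensitive_paths": sensitive_disallows(parsed),
        "sitemaps": parsed["sitemaps"],
        "version_disclosures": version_disclosures(headers),
    }


if __name__ == "__main__":
    for key, value in review(ROBOTS_TXT, RESPONSE_HEADERS).items():
        print(f"{key}: {value}")
```

On the constructed input the review reports `/admin/`, `/api/internal/`, `/backup/` and `/staging/` as paths robots.txt advertises while trying to hide them, and `Apache/2.4.29` plus `PHP/7.2.24` as version strings the headers volunteer. The usual fixes are to protect such paths with authentication rather than a Disallow line, and to trim `Server` and `X-Powered-By` to a product name without a version.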

Additional Footprinting Tools

Some of the other additional footprinting tools that assist in gathering information about the target person or organization include: