
Footprinting Lab 2

My summary of module 02 (footprinting) from the CEH material

Level: easy

Tools to search subdomains

In the official CEH guide, the tool used to search for subdomains is sublist3r, but there are some other great tools that complement this phase of footprinting. Here is a list:

Footprinting Lab 1

Footprinting Lab 1: whois, ping, tracert

My summary of module 02 (footprinting) from the CEH material

Level: ultra easy

Get max frame size

To get the maximum frame size using the ping command:

  • On Windows

    > ping www.certifiedhacker.com -f -l 1500

    Where:

    • -f send fragmented frames
    • -l buffer size
  • On Linux

    $ ping www.certifiedhacker.com -s 1500

    Where:

    • -s buffer size
for fragmented frames

On Windows, you need to specify that frames are fragmented (-f).
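
An added example (not part of the original post) that automates the Linux procedure above: it binary-searches the ICMP payload size with fragmentation prohibited, so an oversized probe fails instead of being split, then adds the 28 header bytes. It assumes iputils `ping` (`-M do`, `-c`, `-W`, `-s`) and IPv4 without options; the function names `probe`, `max_payload` and `max_frame` are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path
# unfragmented, then derive the packet size from it.
# Assumption: Linux iputils ping, IPv4 header without options.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# probe HOST SIZE: succeeds if a SIZE-byte payload gets a reply while
# fragmentation is prohibited (-M do sets the Don't Fragment bit).
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# max_payload HOST [LOW] [HIGH]: prints the largest payload in LOW..HIGH
# that passes. Returns 1 if even LOW fails (host down or ICMP filtered),
# because then the search result would be meaningless.
max_payload() {
    local host lo hi mid
    host=$1; lo=${2:-0}; hi=${3:-1500}
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))   # round up so the loop always shrinks
        if probe "$host" "$mid"; then
            lo=$mid                    # mid fits: answer is mid or larger
        else
            hi=$(( mid - 1 ))          # mid is too big: answer is smaller
        fi
    done
    echo "$lo"
}

# max_frame HOST: payload plus IPv4 and ICMP headers, the value the
# manual ping test converges on (1500 on plain Ethernet).
max_frame() {
    local payload
    payload=$(max_payload "$1") || return 1
    echo $(( payload + IP_ICMP_OVERHEAD ))
}

# Runs only when a host is given, e.g.: sh maxframe.sh www.certifiedhacker.com
if [ -n "${1:-}" ]; then
    max_frame "$1" || echo "no reply from $1 (down or ICMP filtered)" >&2
fi
```

A result below 1500 usually means a tunnel or PPPoE link on the path; a failure at size 0 means ICMP echo is blocked and the method cannot be used against that host.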

Footprinting Penetration Testing

3 Footprinting Penetration Testing

My summary of module 02 (footprinting) from the CEH material

So far, we have discussed the necessary techniques and tools that can be used to footprint a target organization’s network. Penetration testing (or pen testing) refers to the process of testing the organization’s security posture using similar techniques and tools as that of an attacker, but with the knowledge and approval of the organization. Footprinting is the first step to perform in the pen testing process. Performing footprinting in a systematic manner enables a pen tester to discover potential security liabilities that an attacker may exploit. In the pen testing process, the pen tester acts as a malicious outsider and simulates an attack to find security loopholes.

Footprinting Countermeasures

2 Footprinting Countermeasures

My summary of module 02 (footprinting) from the CEH material

So far, we have discussed the importance of footprinting, various ways to perform the task, and the tools that help to conduct execution. Now we will discuss footprinting countermeasures, the measures or actions taken to prevent or offset information disclosure.

Some of the footprinting countermeasures are as follows:

  • Restrict employees’ access to social networking sites from the organization’s network
  • Configure web servers to avoid information leakage
  • Educate employees to use pseudonyms on blogs, groups, and forums
  • Do not reveal critical information in press releases, annual reports, product catalogues and so on
  • Limit the amount of information that you publish on the website/Internet
  • Use footprinting techniques to discover and remove any sensitive information that is publicly available
  • Prevent search engines from caching a web page and use anonymous registration services
  • Develop and enforce security policies, such as an information security policy, a password policy and so on, to regulate the information that employees can reveal to third parties
  • Set apart
  • Disable directory listings in the web servers
  • Periodically conduct security awareness training to educate employees about various social engineering tricks and risks
  • Opt for privacy services on Whois Lookup database
  • Avoid domain-level cross-linking for the critical assets
  • Encrypt and password protect sensitive information
  • Do not enable protocols that are not required
  • Always use TCP/IP and IPSec filters for defense in depth
  • Configure IIS to avoid information disclosure through banner grabbing
  • Hide the IP address and related information by implementing a VPN or keeping the server behind a secure proxy
  • Request archive.org to delete the history of the website from its archive database
  • Keep the domain name profile private

Footprinting through Social Engineering

1.10 Footprinting through Social Engineering

My summary of module 02 (footprinting) from the CEH material

So far, we have discussed the different techniques for gathering information either with the help of online resources or tools. Now we will discuss footprinting through social engineering, the art of obtaining information from people by manipulating them. This section covers the concept as well as the techniques used to gather information.

Social engineering is a totally non-technical process in which an attacker misleads a person into providing confidential information unknowingly. In other words, the target is unaware of the fact that someone is stealing confidential information. The attacker takes advantage of the helpful nature of people and their willingness to provide confidential information.