Footprinting
38
Prashant Mahajan RISC Meet RMIT Information Security Collective 20 th July 8.9.43
-
Upload
prashant3535 -
Category
Technology
-
view
1.289 -
download
0
description
RISC Meet - 20th July RMIT Information Security Collective RMIT University
Transcript of Footprinting
Prashant Mahajan
RISC Meet RMIT Information Security Collective
20th July
8.9.43
Footprinting refers to the preparatory stage where an attacker seeks to gather as much information as possible about the target before launching attack(s).
Types:- Passive
Attack
Basic information about the target and its network
OS, platforms running, web server versions and likes
Locate company’s URL
Internal URL’s Provide an insight into different departments and
business units in the organisation
Can be found via trial and error OR?
http://news.netcraft.com
http://www.webmaster-a.com/link-extractor-internal.php
SpiderFoot (http://www.binarypool.com) Will scrape the websites as well as Google, Netcraft,
Whois and DNS
Bing
Dogpile (Goole+Yahoo+Bing+Yandex)
Web Wombat (Original Australian)
Cuil
Alexa
Some of my favourite resources are:
http://www.peekyou.com
http://www.yoname.com
http://www.123people.com
http://www.aafter.com
http://blogsearch.google.com
All Social Networking Sites
MySpace, Facebook, Orkut, Twitter, LinkedIn
How do you find images using Google?
Google Image Search
http://images.google.com
Image search may give results according to keywords or metadata from images.
Are all the results you get related to what you searched for?
So, basically, it is google image search in reverse.
You can submit an image to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions
When you submit an image to be searched, TinEye creates a unique and compact digital signature or 'fingerprint' for it, then compares this fingerprint to every other image in our index to retrieve matches. TinEye can even find a partial fingerprint match.
TinEye does not typically find similar images (i.e. a different image with the same subject matter); it finds exact matches including those that have been cropped, edited or resized.
Financial Services like Google Finance, Yahoo Finance
Job Sites:
Job Descriptions can be used to gather the infrastructure details
Tech Support Websites:
Many times employees give out information in order to get some solutions for their problems
When did it start?
Where is it located?
How did it develop?
Who leads it?
What are the company’s plans?
nslookup
dnsrecon
http://www.morris-pictures.com
The one you need to know is a comment in the source code of the index-2.html, "<!-- Mirrored from www.silvertipfilms.co.uk/index.php by HTTrackWebsite Copier/3.x [XR&CO'2008], Thu, 16 Oct 2008 02:10:39 GMT -->" morris-pictures.com was registered on 2008-10-14
http://www.hackersforcharity.org/ghdb/
