What is Footprinting? – Footprinting is the process of collecting as much as information as possible about a target network. for identifying various ways to intrude into an organization’s network system.
Footprinting is the first step of any attack on information system; attacker gathers publicly available sensitive information, using which she/he perform social engineering, system and network attack. etc that leads to huge financial loss and loss of business reputation.
Know Security Posture
Footprinting allows attackers to know the external security postures of the target organizations.
Reduce Focus Area
It reduces attacker’s focus area to specific range of IP address, networks, domain names, remote access.
It allows attacker to identify vulnerabilities in the target systems in order to select appropriate exploits.
Draw Network Map
It allows attackers to draw a map or outline the target organization’s network infrastructure to know about the actual enviorment that they are going to break.
Objectives of Footprinting
Collect Network Information
Domain Name , Internal domain names , Network blocks , IP address of the reachable systems , Private websites.
TCP and UDP services running , Access control mechanisms and ACL’s , Networking protocols , VPN Points
IDSes running , Analog/digital telephone numbers , Authentication mechanisms , System enumeration.
Collect System Information
User and group names , System banners , Routing Tables , SNMP information.
System architecture , Remote system type , System names , Password.
Collect Organization’s Information
Employee details , Organization’s website , Company directory , Location details , Address and phone numbers , comments in HTML source code.
Security policies implemented , Web server links relevant to the organization’s , Background of the organizations , News articles , Press Release.
Footprinting Through Search Engines
Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and othe types of advanced systems attacks
Also Read: How to hack wifi using kali linux
Determining the Operating System
Use the Netcraft tool to determine the OS in use by the target organizations.
Collect Location Information
Google Earth – use Google Earth tool to get the physical location of the target.
People Search: Social Networking Sites/People Search Services
Gather Information From Financial Services
Financial services provides a useful information about the target company such as the market value of a company’s share, company profile, competitor details.
Footprinting Through Social Engineering
There are various techniques that fall in this category. A few of them are:
- Eavesdropping – Attacker tries to record personal conversation of the target victim with someone that’s being held over communication mediums like Telephone.
- Shoulder Surfing – In this technique Attacker tries to catch the personal information like Email id, password, etc; of the victim by looking over the victim’s shoulder while the same is entering(typing/writing) his/her personal details for some work.
Sometimes the attacker may trick the victim to grab his personal information. A method that can be used for this is by the method “PHISING”. (PHISING – Its basically creating fake webpages of some websites to trick a naive internet user to grab his personal data. Mostly email-id and passwords of social media accounts.).
For More Hacking Content Click Here