Skip to main content

Footprinting In Hacking

Footprinting in hacking is the process of studying an organization or system, with the aim of collecting valid or genuine information, which gives the attacker a clue and can help him find the vulnerability in the system.

This is the first step in any systematic hacking approach. Attacker or ethical hacker will spent time in this stage carefully, because slit mistake in footprinting might leads to wastage of time, which can lead to the failure of the attack.

After collecting data, hacker needs to spend time verifying and updating the extracted data. Attacker that doesn't update the data collected, might end-up doing nothing. How? Because the organization or individual can migrate from the known system. Thus leaving him with useless information.

Steps to ensure Proper Information retrieval

Since this stage is all about passive information gathering, below are the best practice that will leads to extracting the most genuine information.

Carefully collect public available information regarding the target system or organization. Information like host, network information, location of devices, physical security etc.
Attacker must find out the OS (operating system) used on the host devices and the server respectively. Applications installed on the server are also not left out. Remember servers are as important as the application software installed.
Attacker have to get an insight regarding the network. Knowing whether the organization permits remote network access, uses WIFI, knows the network topologies in use etc.
Extracting the IP address and other network information. Networking tools like Traceroute (tracert in windows), Ping, tenet etc. will really give a helping hand here.
Study the organization set-up. Sometimes the simplest way to hack into any system is to meet non technical staff of an organization.
In the case of web hacking, online tool like builtwith can surely help in information gathering.
Issue queries like Whois, DNS, network and organizational queries, will definitely help. especially regarding knowing the networking strength and how to overcome it.
Certain sites helps in getting information on the target. Site like zabasearch.com (this contains names, addresses, phone numbers, date of birth and other individuals information), anywho.com (this offer phone book forwards and lookup) will really help in getting information on the employees.
Attacker should locate vulnerability on the existing system which can help in success of the attack.

References: Sybex CEH, Ehacking
Tobe continued
Join Us on Facebook: ICTmagazine BBM Chanel: ICTmagazine

Labels:

Comments

Post a Comment

Popular posts from this blog

Microsoft Office for Tablet now on Google Play store

Back in November, Microsoft opened up early previews builds for its new mobile Office applications for Android tablets to those willing to sign up and wait for an invitation. After taking on feedback over the past couple of months, Microsoft has announced that it is expanding its preview scheme by releasing its Office applications to everyone directly through the Google Play Store. The new Office software for mobile unifies Android, IOS, and Windows platforms. Previously each platform had to make do with its own apps, meaning that feature sets differed depending on your operating system and updates were often slow and intermittent. By unifying the Office platform, Microsoft hopes to bring updates and new features to users in a timelier manner. There are still a couple of conditions attached to the preview builds though. Firstly, Office is still limited to ARM-based Android tablets with a screen size between 7 and 10.1 inches. Your tablet will also need to be running Ki...
Post a Comment
Read more

Tips for strong password

As we have already discussed that passwords are strong and at the same time weak! If user create password from his name, date of birth or any other combination that is related to him, cracking down his account doesn't need much technical know how. Meaning attacker who know you, can be lucky enough to access your sensitive information by only entering certain key combinations. Creating strong and almost non hackable wait!!! is there any non hackable password! I was once told that any system can be hacked! It only took time, skills and resources! You are absolutely right! But at-least one has to really suffer before getting your data! Arm robbers do rob banks! Do you think a local or common thief can rob bank? The ans is absolute NO! Strong passwords doesn't happen by chance! Below are the steps to create a very strong passwords! Passwords should be at-least 8 characters Its already becoming standard on the internet. Many websites doesn't allow less than 6 charact...
Post a Comment
Read more

Ethical hacking simplified. cryptographic hashing.

Cryptoghraphy Hashing Hashing is the process of converting plaintext into chipertext. One of the advantage of  hashing is, its  almost impossible to alter. Even if the intruder succeeded in altering the data the receiver will definitely know on receiving the message. Hashing can be seen as a one way encryption process. Its main aim is to confirm the authenticity of data. Hashing output is known as hash, hash value or message digest. How it work When you are sending the message, you will create an encryption with your private key using a particular type of hashing which we will talk about shortly. It will then create gabbled messages which is fixed length and exactly the length of the message. Bundles the chipertext with the plaintext together which are both encrypted. Upon arriving the destination, the receiver will get the public key of the sender and decrypt the message. Mind you hashing is here to confirm the authenticity of the message. After confirming the sender...
Post a Comment
Read more