Prashant Mahajan

RISC Meet RMIT Information Security Collective

20th July

8.9.43

Footprinting refers to the preparatory stage where an attacker seeks to gather as much information as possible about the target before launching attack(s).

Types:- Passive

Attack

Basic information about the target and its network

OS, platforms running, web server versions and likes

Locate company’s URL

Internal URL’s Provide an insight into different departments and

business units in the organisation

Can be found via trial and error OR?

http://news.netcraft.com

http://www.webmaster-a.com/link-extractor-internal.php

SpiderFoot (http://www.binarypool.com) Will scrape the websites as well as Google, Netcraft,

Whois and DNS

Robtext (http://www.robtex.com)

Google

Bing

Dogpile (Goole+Yahoo+Bing+Yandex)

Web Wombat (Original Australian)

Cuil

Alexa

Some of my favourite resources are:

http://www.peekyou.com

http://www.yoname.com

http://www.123people.com

http://www.aafter.com

http://blogsearch.google.com

All Social Networking Sites

MySpace, Facebook, Orkut, Twitter, LinkedIn

How do you find images using Google?

Google Image Search

http://images.google.com

Image search may give results according to keywords or metadata from images.

Are all the results you get related to what you searched for?

So, basically, it is google image search in reverse.

You can submit an image to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions

When you submit an image to be searched, TinEye creates a unique and compact digital signature or 'fingerprint' for it, then compares this fingerprint to every other image in our index to retrieve matches. TinEye can even find a partial fingerprint match.

TinEye does not typically find similar images (i.e. a different image with the same subject matter); it finds exact matches including those that have been cropped, edited or resized.

Financial Services like Google Finance, Yahoo Finance

Job Sites:

Job Descriptions can be used to gather the infrastructure details

Tech Support Websites:

Many times employees give out information in order to get some solutions for their problems

When did it start?

Where is it located?

How did it develop?

Who leads it?

What are the company’s plans?

nslookup

dnsrecon

http://www.morris-pictures.com

The one you need to know is a comment in the source code of the index-2.html, "<!-- Mirrored from www.silvertipfilms.co.uk/index.php by HTTrackWebsite Copier/3.x [XR&CO'2008], Thu, 16 Oct 2008 02:10:39 GMT -->" morris-pictures.com was registered on 2008-10-14

http://www.hackersforcharity.org/ghdb/

Prashant Mahajan

corrupt@null.co.in

+61 0421 804 786

Follow Me on Twitter @prashant3535