internet

Hands-On Ethical Hacking
and Network Defense
Second Edition

Chapter 4
Footprinting and Social Engineering

Objectives
• After reading this chapter and completing the
exercises, you will be able to:
– Use Web tools for footprinting
– Conduct competitive intelligence
– Describe DNS zone transfers
– Identify the types of social engineering

Hands-On Ethical Hacking and Network Defense, Second Edition 2

Using Web Tools for Footprinting
• “Case the joint”
– Look over the location
– Find weakness in security systems
– Types of locks and alarms used
• Footprinting
– Finding information on company’s network
– Passive and nonintrusive
– Several available Web tools


Table 4-1 Summary of Web tools


Table 4-1 Summary of Web tools (cont’d.)


Conducting Competitive Intelligence
• Numerous resources to find information legally
– Competitive intelligence
• Gathering information using technology
• Security professionals must:
– Explain methods used to gather information
• Have a good understanding of methods


Analyzing a Company’s Web Site
• Easy source of critical information
– Many available tools
• Paros
– Powerful tool for UNIX and Windows OSs
– Requires Java J2SE


Figure 4-1 The main window of Paros


(cont’d.)
• Paros: searching for a Web site
– Click Tools, Spider
– Enter Web site’s URL
– Check results


Figure 4-2 Entering a URL in the Input dialog box


Figure 4-3 Displaying filenames of all Web pages on a site


(cont’d.)
• Paros: getting Web site structure
– Click Tree, Scan All
– Report includes:
• Vulnerabilities
• Risk levels
• Gathering information this way:
– Time consuming


Figure 4-4 The Paros scanning report


Using Other Footprinting Tools
• Whois
– Commonly used
– Gathers IP address
and domain
information
– Attackers can also
use it

Figure 4-5 Viewing information with the
SamSpade Whois utility


Using E-mail Addresses
• E-mail addresses
– Help retrieve even more information
• Find e-mail address format
– Guess other employees’ e-mail accounts
• Tool to find corporate employee information
– Groups.google.com


Using HTTP Basics
• HTTP operates on port 80
• HTTP commands
– Pull information from a Web server
• Basic understanding of HTTP
– Beneficial for security testers
• Return codes
– Reveal information about OS used
• HTTP methods
– GET/ HTTP/1.1.


Table 4-2 HTTP client errors


Table 4-3 HTTP server errors


Table 4-4 HTTP methods


Figure 4-6 Using the OPTIONS HTTP method


Figure 4-7 Using the HEAD HTTP method


Other Methods of Gathering
Information
• With just a URL, you can determine:
– Web server
– OS
– Names of IT personnel
• Other methods:
– Cookies
– Web bugs


Detecting Cookies and Web Bugs
• Cookie
– Text file generated by a Web server
– Stored on a user’s browser
– Information sent back to Web server when user
returns
– Used to customize Web pages
– Some cookies store personal information
• Security issue


Detecting Cookies and Web Bugs
(cont’d.)
• Web bug
– One-pixel by one-pixel image file
– Referenced in an <IMG> tag
– Usually works with a cookie
– Purpose similar to spyware and adware
– Comes from third-party companies
• Specializing in data collection


Using Domain Name Service Zone
Transfers
• Domain Name System (DNS)
– Resolves host names to IP addresses
– People prefer URLs to IP addresses
• Extremely vulnerable
• Zone transfer tools
– Dig and Host
• Determining primary DNS server
– Start of Authority (SOA) record
• Shows zones or IP addresses
– Zone transfer gives network diagram

Figure 4-9 Using the Dig command


Introduction to Social Engineering
• Older than computers
– Targets human component of a network
• Goals
– Obtain confidential information (passwords)
– Obtain other personal information
• Tactics
– Persuasion
– Intimidation
– Coercion
– Extortion/blackmailing

(cont’d.)
• Biggest security threat
– Most difficult to protect against
• Main idea:
– “Why try to crack a password when you can simply
ask for it?”
• Users divulge passwords to IT personnel
• Human behavior studied
– Personality traits
– Body language


(cont’d.)
• Techniques
– Urgency
– Quid pro quo
– Status quo
– Kindness
– Position
• Train users
– Not to reveal information
– To verify caller identity
• Ask questions and call back to confirm

Figure 4-10 The
OSSTMM social-
engineering template


The Art of Shoulder Surfing
• Shoulder surfer
– Reads what users enter on keyboards
• Logon names
• Passwords
• PINs
• Tools
– Binoculars or high-powered telescopes
– Key positions and typing techniques
– Popular letter substitutions
• $ equals s, @ equals a


The Art of Shoulder Surfing (cont’d.)
• Prevention
– Avoid typing when:
• Someone is nearby
• Someone nearby is talking on cell phone
– Computer monitors:
• Face away from door or cubicle entryway
– Immediately change password if you suspect
someone is observing you


The Art of Dumpster Diving
• Attacker finds information in victim’s trash
– Discarded computer manuals
– Passwords jotted down
– Company phone directories
– Calendars with schedules
– Financial reports
– Interoffice memos
– Company policy
– Utility bills
– Resumes

The Art of Dumpster Diving (cont’d.)
• Prevention
– Educate users
• Dumpster diving
• Proper trash disposal
– Format disks before disposing them
• Software writes binary zeros
• Done at least seven times
– Discard computer manuals offsite
– Shred documents before disposal


The Art of Piggybacking
• Trailing closely behind an employee cleared to
enter restricted areas
• How it works:
– Watch authorized personnel enter an area
– Quickly join them at security entrance
– Exploit desire to be polite and helpful
– Attacker wears a fake badge or security card


The Art of Piggybacking (cont’d.)
• Prevention
– Use turnstiles
– Train personnel to notify security about strangers
– Do not hold secured doors for anyone
• Even people they know
– All employees must use access cards


Phishing
• Phishing e-mails
– “Update your account details”
– Usually framed as urgent request to visit a Web site
• Web site is a fake
• Spear phishing
– Combines social engineering and exploiting
vulnerabilities
– E-mail attacks directed at specific people
• Comes from someone the recipient knows
• Mentions topics of mutual interest


Figure 4-12 A phishing e-mail


Summary
• Footprinting
– Gathering network information with Web tools
• Competitive intelligence
– Gathered through observation and Web tools
• IP addresses and domain names
– Found by using tools (e.g., SamSpade)
• Cookies and Web bugs
– Collect and retrieve user’s information
• Zone transfers
– Used to obtain network topologies

Summary (cont’d.)
• Social engineering
– Attacks using human nature
• Many methods
– Educate personnel
• Attacker techniques
– Shoulder surfing
– Dumpster diving
– Piggybacking
– Phishing


internet

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (14)

Similar to internet

Similar to internet (20)

internet