Footprinting and Reconnaissance
I. Introduction to Ethical Hacking:
Ethical hacking is a legal practice used to find possible threats or vulnerabilities in a network system. The practice of ethical hacking began more than 50 years ago, in the year 1960 at MIT. The most common form of ethical hacking in an organization is the imitation of an actual attacker to discover how vulnerable the organization's systems are. This is done with the aim of anticipating a possible breach of sensitive data, authentication errors or security misconfigurations by actual hackers. Necessary steps can then be taken to mitigate these threats.
Ethical Hackers are professionals with the technical knowledge that is used to assess the security of a system by breaking into it legally as a potential hacker. They go by the name “White-hats” as well. They contribute to strengthening an organization’s security posture through their proactive activities. The goal of ethical hacking is different from malicious hacking because it is done with permission from the organization or proprietor of the IT asset.
Ethical hackers follow four fundamental principles:
1. Stay legal: Obtain proper approval before accessing systems and performing a security assessment, since the assessment gives access to the organization's sensitive data.
2. Establish the scope: Establish the parameters of the evaluation. This guarantees that the ethical hacker’s task is legitimate and stays within the limits set by the organization.
3. Identify weaknesses: Let the company know about every vulnerability found during the examination. The ethical hacker must additionally submit a report outlining all potential threats and offering solutions to prevent attacks.
4. Preserve the sensitivity of the data: Based on the sensitivity of the material, ethical hackers may be forced to accept a confidentiality agreement along with any additional conditions imposed by the evaluated organization.
The various steps involved in Ethical Hacking are as follows:

- Reconnaissance: Identifying the target and its IP address, and gathering data to become familiar with the target system.
- Scanning: Scanning the data obtained using tools like dialers, network mappers and port scanners.
- Gaining Access: A blueprint of the network system is designed, based on which the attacker tries to gain access to the system.
- Maintaining Access: A new authorized account is created in order to blend into the system.
- Clearing tracks: The hacker uses a VPN to disguise their identity and refrains from using any techniques that may seem suspicious.
II. Reconnaissance
Reconnaissance is the first step in ethical hacking: getting to know the target system and acquiring information about it. The term "reconnaissance" refers to a collection of procedures and methods used to secretly learn as much as possible about a target system, including enumeration, scanning, and footprinting. Reconnaissance is a crucial step for finding and extracting sensitive information; a thorough recon gives the attacker specific information about the target. Penetration testing in information security uses reconnaissance in the same way.
An attacker employs recon to learn about the network's open ports, live services, etc. and gather data without actively using the network. The information it provides can be used to gain access to networks beyond the internet. During reconnaissance, the hacker carries out the following seven steps to obtain as much information as possible about the target system:
- Gathering preliminary data
- Measuring the range of the network
- Recognizing the running machines
- Finding accessible ports and access points
- Using the operating system’s fingerprint to identify it
- Locating services on ports
- Creating a map of the network
An attacker will also look into the following in order to learn more about a network:
- File access rights
- Running network services
- Account details of users
Depending on the technique and use case, reconnaissance is classified into two types:

A] Active Reconnaissance:
Active reconnaissance is the more direct strategy. Hackers use it to probe an architecture for flaws, often at the risk of early detection. It is the quicker of the two recon techniques, aggressively looking for weaknesses or entry points. Information about the system, obtained by getting past firewalls and routers, is used to gain illegal access to protected resources. The hacker actively scans the network's architecture, identifying hosts with programmes like NSLookup; once the hosts are located, their possible weaknesses are detected with a port scan.
The most commonly used tool for active reconnaissance is the open-source Nmap programme. It employs a variety of scan types to locate hosts and the services connected to a network. Because this strategy necessitates communication with the system, a server's firewall or an associated security suite is much more likely to detect the attack.
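The detection point made above, as an added example (Python, not code from the article or its sources): a minimal port-scan detector over constructed firewall log lines. It flags any source that touches many distinct ports on one host inside a short time window, which is the signature a firewall or IDS keys on, and it also shows the limit of that rule: a slow, spread-out scan slips under a short window. The log format, IP addresses and thresholds are all assumed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not real traffic), one event per line:
# "<ISO timestamp> <source IP> -> <dest IP>:<port> <action>"
# 198.51.100.7 sweeps 15 ports in 15 s; 198.51.100.9 probes one port every
# 10 minutes (a slow scan); 192.0.2.5 is an ordinary client.
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T10:00:{i:02d} 198.51.100.7 -> 203.0.113.10:{21 + i} DROP"
     for i in range(15)]
    + [f"2024-01-01T{10 + i // 6:02d}:{(i % 6) * 10:02d}:00 198.51.100.9 -> 203.0.113.10:{8000 + i} DROP"
       for i in range(12)]
    + ["2024-01-01T10:00:05 192.0.2.5 -> 203.0.113.10:443 ACCEPT",
       "2024-01-01T10:00:09 192.0.2.5 -> 203.0.113.10:80 ACCEPT",
       "2024-01-01T10:00:30 192.0.2.5 -> 203.0.113.10:443 ACCEPT"])

def parse_line(line):
    """Split one log line into (timestamp, src, dst_host, dst_port, action)."""
    ts, src, _, dst, action = line.split()
    host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, host, int(port), action

def detect_port_scans(log_text, min_ports=10, window_seconds=60):
    """Return {src: max distinct ports} for every source that touched at least
    min_ports different ports on a single host inside any window_seconds span."""
    events = defaultdict(list)          # (src, host) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, host, port, _ = parse_line(line)
            events[(src, host)].append((ts, port))
    flagged = {}
    for (src, host), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):    # sliding window over the sorted events
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged

if __name__ == "__main__":
    print("60 s window:", detect_port_scans(SAMPLE_LOG))
    print("2 h window: ", detect_port_scans(SAMPLE_LOG, window_seconds=7200))
```

With the default 60-second window only the fast sweep is reported; widening the window to two hours also catches the slow probe, at the cost of more state to keep per source.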
B] Passive Reconnaissance:
Because passive reconnaissance doesn’t require contact with a target system, it is much simpler to conceal. With this method, hackers can simply spy on a network with the goal to gather data. They can then examine the target firm to find out about its partners, employees, technological advances, and IP information.
If the attack succeeds, the only indication that a hacker was present will be in analytical data. Since no warning signs appeared, no threat or suspicious activity will be recorded in the security logs.
Hackers may explore websites offline and analyze material to discover hardware, operating systems, and contact details using tools like “Wget”. Other popular passive spying techniques involve carrying out in-depth searches on Google, browsing the data on abandoned machines, and assuming user identities.
III. Tools used for Reconnaissance:

- Nmap: Nmap is used for active reconnaissance, probing how the system works through a series of scans. This helps the hacker learn the IP address range or security system of the target.
- Metasploit: Metasploit enables hackers to break into a number of vulnerable machines with the help of its many prepackaged exploits. Its autopwn feature lets the hacker exploit the system automatically.
- Wireshark: This is used in passive reconnaissance. It is well known for its network traffic analysis capabilities. Traffic captured from the company's WiFi network, or obtained by examining employee network traffic, can be analyzed using Wireshark.
- Shodan: Shodan is a search engine for internet-connected devices and is used in passive reconnaissance. Hackers can identify the IP address range of the company using Shodan, and future attacks can then be planned around the vulnerabilities it reveals.
- Search engines: Google hacking can be performed using search engines.
- OS fingerprinting: OS fingerprinting identifies a remote device's operating system. This provides an attack point based on vulnerabilities specific to that operating system.
IV. Footprinting
The action of collecting details and information about a system, presumably a target for a cyber attack, is known as footprinting. The attacker must use different methods along with efficient tools to obtain such specific information about the system. This information is the primary step for the attacker in hacking the system. During this process, the hacker may target information like the following:
- Domain name
- Namespaces
- Phone numbers
- Job information
- IP addresses
- Employee information
- E-mails
Additionally, the hacker needs proficient tools in order to penetrate and attack the target network. The popular tools used for footprinting are:
- Nslookup: this tool resolves domain names to the IP addresses assigned to them. It is a command-line tool.
- Traceroute: It is used for identifying the routers, gateways and firewalls present between a user and their target. The tool traces the route between two IP addresses, one of your system and the other of the host you specify.
- Nmap: This tool can scan for live hosts, which is crucial during active footprinting. It has been the de facto network scanning tool for a long time.
- Social engineering: Social engineering is one of the most common footprinting techniques in cyberattacks. It works through human interaction, in a number of ways including email, phone calls, and even theft. In this way, attackers obtain the information they need to act.
Types of footprinting:

Footprinting can be of two types:
A] Active Footprinting
In this type of footprinting, information about the target is gathered through direct interaction. Because the footprinter communicates directly with the target network, the target may be able to identify the ongoing information collection operation.
Active footprinting techniques include:
- Querying the target’s public name servers
- Extracting metadata from published files and documents
- Using mirroring and web spidering tools to copy large amounts of website data
- Gathering information using email tracking
- Carrying out a WHOIS search
- Extracting DNS data
- Using traceroute analysis
- Performing social engineering
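The "extracting metadata from published files" technique above, as an added example (Python, not code from the article or its sources) written from the defender's side: a check to run over a PDF before it is published, listing the Info-dictionary fields (author username, authoring software and version, dates) that footprinting would otherwise harvest. It assumes classic PDF syntax with an Info dictionary referenced from the trailer and plain literal strings; XMP metadata streams and compressed object streams are out of scope. The sample PDF and its field values are constructed.

```python
import re

# Constructed minimal PDF (not a real published document) whose Info
# dictionary carries the metadata that footprinting harvests from public files.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Title (Q3 Network Diagram) /Author (jdoe)
/Creator (Microsoft Word 2016) /Producer (Acrobat Distiller 9.0)
/CreationDate (D:20240115093000) >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""

# Fields worth reviewing before publication: usernames, software versions, dates
SENSITIVE_KEYS = ("Author", "Creator", "Producer", "CreationDate", "ModDate")

def extract_pdf_info(data):
    """Return {key: value} for the string entries of the PDF's Info dictionary,
    or {} when the trailer references no Info object."""
    ref = re.search(rb"/Info\s+(\d+)\s+0\s+R", data)
    if not ref:
        return {}
    # Locate "<num> 0 obj ... endobj" for the referenced object number only
    obj = re.search(rb"(?<!\d)" + ref.group(1) + rb"\s+0\s+obj(.*?)endobj", data, re.S)
    if not obj:
        return {}
    # PDF literal strings: (...) with backslash escapes; nested parens not handled
    pairs = re.findall(rb"/(\w+)\s*\(((?:[^()\\]|\\.)*)\)", obj.group(1))
    return {k.decode("latin-1"): v.decode("latin-1") for k, v in pairs}

def leaked_fields(data):
    """List the sensitive Info keys present in the file, in SENSITIVE_KEYS order."""
    info = extract_pdf_info(data)
    return [k for k in SENSITIVE_KEYS if k in info]

if __name__ == "__main__":
    for key, value in extract_pdf_info(SAMPLE_PDF).items():
        print(f"{key:13s} {value}")
    print("Review before publishing:", leaked_fields(SAMPLE_PDF))
```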
B] Passive Footprinting
This involves gathering information about a target without direct interaction. It is primarily useful when the information gathering activity must not be detected by the target, so nothing is transmitted to the target organization from the footprinter's own host, an anonymous host, or a service on the internet. Web crawlers, social networking sites, etc. can be used to easily collect and maintain documented data about targets.
- Finding the target's top-level domains (TLDs) and subdomains via web services
- Collecting target location information via web services
- Performing people searches using social networking sites and people search services
- Gathering financial information about targets through financial services
- Gathering infrastructure details of the target organization through job sites
- Monitoring the target through alert services
- Gathering information from groups, forums and blogs
- Determining the operating systems used by the target company
- Extracting information about targets from Internet documents
- Conducting competitive intelligence
- Discovering information with web crawlers
- Monitoring the target's website traffic
V. Threats of footprinting
- Social engineering: Hackers do not use technical avenues of entry, but collect data directly and indirectly through persuasion and other means. They collect sensitive data from employees who are unaware of their intentions.
- System and network attacks: Footprinting helps attackers carry out system and network attacks. Through it, the attacker collects data on the target organization's system configuration, the operating systems running on its computers, and more. Using this data, bad actors can find vulnerabilities in the targeted systems and exploit them, gaining control of the target system or the entire network.
- Data breach: A data breach poses a threat to any organization. If an organization's sensitive data falls into the hands of attackers, they can launch further attacks to extend their knowledge or, alternatively, seek financial gain.
- Loss of privacy: Using footprinting, hackers can gain access to organizational systems and networks, and even escalate to administrator-level privileges, compromising the privacy of the entire organization and of individual employees.
- Corporate espionage: Corporate espionage is a significant threat to businesses. Competitors often try to obtain confidential information through footprinting. With it they can bring similar products to market, alter prices, and generally damage the target organization's market position.
- Business loss: E-commerce websites, banks, financial businesses, and other organizations lose billions of dollars each year to malicious attacks.
VI. Benefits of footprinting
- Know the security posture: The information acquired, such as specifics on the existence of a firewall, application security configurations, etc., gives a general understanding of the company's security posture.
- Identifying vulnerabilities: An ethical hacker can determine the open ports, the vulnerabilities, and the types of attacks the system is exposed to if they are able to acquire sensitive data or break into the system. In short, a database can be built of the loopholes, threats and vulnerabilities in the target organization's system.
- Reduction in attack area: Footprinting lets one recognize a particular range of systems and then focus on specific target systems only.
- Drawing a network map: Footprinting helps create a network map of the target organization's networks that includes the topology, trusted routers, presence of servers, and other factors.
Authors: Kasturi Joshi, Riya Joshi, Sumedh Joshi, Shubhankar Kalekar