January 18th, 2005, 12:16 AM
What is footprinting?
Footprinting is basically the digital equivalent of when a robber ‘cases the establishment’ before attempting to burgle a premises. It is where an attacker attempts to get a profile of the company's IT infrastructure, gathering as much information as possible.
The first thing to do is to perform a whois query on the companies internet register. There is an excellent free tool called Sam Spade that gathers information on DNS servers and IP address blocks amongst other things. If you're a Windows user, simply go to their web site and download the latest version here: http://www.samspade.org/. On the main page, you'll also find online versions of many other useful networking tools which are helpful when you are away from your computer. Otherwise, the Windows version of Sam Spade is preferable because of its fast and easy access to a variety of tools and because you can run a number of different inquiries simultaneously.
Open Source Footprinting
This is a very safe way for a hacker to gather information about a company as it is perfectly legal; in fact the information is widely available to the general public. Information such as telephone numbers, email addresses and sometimes home addresses is obtained by searching through web-based whois interfaces. Below are the big three, ARIN for the US, APNIC for Asia and RIPE for Europe:
1) (ARIN) – American Registry for Internet Numbers
2) (APNIC) – Asia Pacific Network Information Center
3) (RIPE) – Réseaux IP Européens
Now from searching these databases you will probably find email addresses and IP addresses. This information can then be put into a traceroute query which can be found on the Sam Spade site, or alternatively you could use a program like NeoTrace Pro. It traces the network path across the Internet from the host system to a target system anywhere on the Internet. The data it can retrieve includes registration details for the owner of each computer on the route (address, phone or e-mail address) and the network each node IP is registered to. The data is shown on a world map showing the location of nodes along the route, and a graph showing the relative response time of each node along the path. You can get NeoTrace Pro here: http://www.neotrace.net-software-download.com/
Now most of this information used by itself is harmless and most likely perfectly legal, but any person who is serious about getting into a system will carefully search through the whois databases to know as much information as possible, as it may lead to an eventual entry point. In my next tutorial entitled ‘Scanning’ I will show how scanning techniques are used by attackers to complement footprinting in order to gather vital information about a company's system. This should follow soon.
For more tutorials please visit my site at www.computer-tutorials.org and the forums www.computer-tutorials.org/phpBB
Sco (This is my name on all my other sites)
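Turning the first post's point around for a defender, here is an added example (not part of the post, and not a Sam Spade feature) that audits a constructed whois-style record for the contact details an outsider could harvest; it assumes a simple "Key: value" layout and an organisation domain of example.com:

```python
"""Audit a whois record for contact details that leak personal information.

Added example: parses a constructed whois-style response offline and reports
which fields hand an outsider a person's name, a direct phone number or a
personal mailbox, so an admin can review their own registration first.
"""
import re

# Constructed sample record; every name, number and address here is made up.
SAMPLE_RECORD = """\
Domain Name: EXAMPLE.COM
Registrant Name: Jane Doe
Registrant Organization: Example Corp
Registrant Phone: +1.5555550123
Registrant Email: jane.doe@example.com
Admin Email: hostmaster@example.com
Tech Email: jdoe@gmail.com
Name Server: NS1.EXAMPLE.COM
"""

# Generic role mailboxes that reveal no individual (list is an assumption).
ROLE_MAILBOXES = {"hostmaster", "postmaster", "abuse", "noc", "admin", "dns"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d.\-\s]{6,}\d")

def parse_whois(text):
    """Turn 'Key: value' lines into an ordered list of (key, value) pairs."""
    fields = []
    for line in text.splitlines():
        if ":" not in line:
            continue  # banners and blank lines carry no field
        key, _, value = line.partition(":")
        fields.append((key.strip(), value.strip()))
    return fields

def audit_contacts(text, org_domain):
    """Return (field, value, reason) findings for exposed personal details."""
    findings = []
    for key, value in parse_whois(text):
        klow = key.lower()
        for email in EMAIL_RE.findall(value):
            local, _, domain = email.lower().partition("@")
            if domain != org_domain.lower():
                findings.append((key, email, "email on a third-party domain"))
            elif local not in ROLE_MAILBOXES:
                findings.append((key, email, "personal mailbox instead of a role account"))
        if "phone" in klow and PHONE_RE.search(value):
            findings.append((key, value, "direct phone number published"))
        if klow.endswith(" name") and klow != "domain name":
            findings.append((key, value, "individual's name published"))
    return findings
```

Run `audit_contacts(SAMPLE_RECORD, "example.com")` to see the four fields in the sample that a role account or a privacy service would normally hide.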
January 18th, 2005, 01:40 AM
You mentioned this in your other articles, not sure why you missed this one
Everyone knows them, but seeing as this post is about finger/foot-printing, thought I'd add'em.
* -O Use TCP/IP fingerprinting to guess remote operating system
There are other methods of doing this, i.e. if -sV returns Port 80 as IIS6 and -O as a Linux server ... then you know you have to find other methods of searching.
* -sV Version scan probes open ports determining service & app names/versions
There are more, but it's too early for more typing.
January 18th, 2005, 07:10 AM
the mods aren't going to let a tut ripper keep posting tuts are they????
or is that what the ap system is for
regarding this link: