In this section, we'll show you how to use web resources, including personal search engines, social networking sites, financial services, third-party data repositories, groups, forums, blogs, and more, to obtain publicly available information about the target organisation. Using this information, an attacker may build a hacking strategy to break into the target organization's network and carry out advanced system attacks.
This topic is divided into two articles. Continue Reading Part 2.
Finding the Company's Domains and Sub-domains
The websites of an organization often offer a wealth of important information
that is freely accessible to the public, including organisational histories,
services and products, and contact details. Sub-domains may provide further
insights into an organization. A sub-domain may, however, be intended for
only a few people, such as employees.
In many organizations, sub-domains are created to test new technologies before
deploying them to the main server. These sub-domains may be insecure or
vulnerable. Identifying such sub-domains may reveal critical information such
as source code or essential documents from the web server. Most organizations
use standard formats for sub-domains, which can easily be discovered by a
hacker who knows the external URLs. Tools like VirusTotal, Sublist3r, and
Netcraft, or a Google Dork (site:hackhunt.in -inurl:www), can be used to
find sub-domains.
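As an added example (not from the original article), here is the defensive counterpart of this step: an organisation auditing an export of its own DNS zone for test-style or unlisted sub-domains. The zone records, the approved inventory, and the label pattern are all constructed assumptions.

```python
import re

# Constructed sample: records exported from an organisation's own DNS zone.
ZONE_EXPORT = """\
www.example.com.          300 IN A     203.0.113.10
mail.example.com.         300 IN A     203.0.113.20
dev.example.com.          300 IN A     203.0.113.31
staging-api.example.com.  300 IN CNAME app.example.net.
test2.shop.example.com.   300 IN A     203.0.113.45
intranet.example.com.     300 IN A     203.0.113.60
; decommissioned hosts are listed elsewhere
vpn.example.com.          300 IN A     203.0.113.50
"""

# Hosts already reviewed and approved for public exposure (assumed inventory).
APPROVED = {"www.example.com", "mail.example.com", "vpn.example.com"}

# Labels following the predictable "testing" naming formats the text mentions.
RISKY_LABEL = re.compile(r"^(dev|test|stag(e|ing)|uat|qa|beta|old|demo)\d*$")


def parse_hosts(zone_text):
    """Return owner names from the A/AAAA/CNAME lines of a zone export."""
    hosts = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 5 and fields[2] == "IN" and fields[3] in {"A", "AAAA", "CNAME"}:
            hosts.add(fields[0].rstrip(".").lower())
    return hosts


def audit(zone_text, approved, apex):
    """List unapproved hosts under apex, marking those with test-style labels."""
    findings = []
    for host in sorted(parse_hosts(zone_text)):
        if host in approved or not host.endswith("." + apex):
            continue
        labels = host[: -len(apex) - 1].split(".")
        # Split hyphenated labels so "staging-api" is matched on "staging".
        parts = [p for label in labels for p in label.split("-")]
        risky = any(RISKY_LABEL.match(p) for p in parts)
        findings.append((host, "test-style name" if risky else "not in inventory"))
    return findings


if __name__ == "__main__":
    for host, reason in audit(ZONE_EXPORT, APPROVED, "example.com"):
        print(f"{host}: {reason}")
```

Hosts flagged as "test-style name" are candidates for removal from public DNS or for access restriction; the rest should be added to the inventory or retired.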
Gathering Information from Financial Services
Financial Services can provide a large amount of useful information such as
the market value of a company's shares, company profile, competitor details,
stock exchange rates, corporate press releases, and financial reports along
with news, and blog search articles about corporations. Services like Google
Finance, MSN Money, Yahoo Finance, and Investing.com can be used to gather
sensitive information. Additionally, an attacker can use various malicious
means to obtain private information.
Monitoring Targets Using Alerts
Alerts are content-monitoring services that deliver automated, up-to-date
information based on user preferences. Tools such as
Google Alerts,
Twitter Alerts, and Giga Alerts can help attackers to keep watch on mentions
of the organization's name, member names, website, or any other significant
individuals or initiatives. Attackers can gather updated information
about the target periodically from the alert services and use it for further
attacks.
Tracking Online Reputation of the Target
Online Reputation Management (ORM) is the process of monitoring what is
displayed when someone searches for a company's reputation on the Internet,
and then taking measures to minimize negative search results or reviews.
We can learn what people are saying about a company's brand in real-time
through the web, social media, and news with the aid of online reputation
tracking technologies. Organisations frequently aim to be more transparent
online in order to manage their internet reputation positively. The attacker
might be able to gather general information about the target company with the
use of this transparency. Tools like
Mention can be used to
track online reputation. ORM Tracking tools can be used by an attacker to:
- Track a company's online reputation
- Collect a company's search engine ranking information
- Obtain email notifications when a company is mentioned online
- Track conversations
- Obtain social news about the target organization.
Finding the Geographical Location of the Target
Information such as the physical location of an organization plays a vital
role in the hacking process. In addition to the precise location, a
hacker can learn about nearby open Wi-Fi hotspots that could provide access
to the network of the target company. Attackers may use tools like
Google Earth, Google Maps, Yahoo Maps, and Wikimapia to locate building
entrances, security cameras, gates, hiding spots, weak points in perimeter
fences, and utility resources like electricity connections, traffic
conditions, driving directions, etc.
Attackers who are aware of the location of a target organisation may use
social engineering, dumpster diving, spying, and other non-technical attacks
to learn more. Unauthorised access to buildings, wired and wireless
networks, and systems may be possible using this knowledge.
We hope this helps. If you have any suggestions or doubts, you can add a
comment and we will reply as soon as possible.