Footprinting through Web Services - Part 2

In this section, we'll show you how to use web resources, including personal search engines, social networking sites, financial services, third-party data repositories, groups, forums, blogs, and more, to obtain publically available information about the target organisation. Using this information, an attacker may build a hacking strategy to break into the target organization's network and carry out advanced system attacks. 


This topic is divided into two articles. Continue Reading Part 1


via People Search Services

Websites that list public records can be used to research an individual. With this search, one can get information on relatives and friends, properties, companies, social networking profiles, addresses, contact information, date of birth, images, videos, and more. 

Social Networking sites such as Facebook, Twitter, LinkedIn, and Instagram allow you to find people by name, keyword, company, school, friends, colleagues, and the people living around them.  These websites contain information that users provide in their profiles. These sites are a great platform for finding people and their related information as the sites allow people to share information in real-time.  It is simple and anonymous to look for people on social networking sites because many of them enable visitors to do so without creating an account. 

Through people searching, an attacker can gather critical information that will help them in performing social engineering or other kinds of attacks. 


via Job Sites

On the job posting page of many organisations' websites, recruiting data is made available, which in turn reveals hardware and software information, network-related information, and technologies used by the business (such as firewall, internal server types, operating system details, network appliances, database schema, etc.). 

Additionally, hackers have access to employee resumes that have been uploaded on job sites and can pull out details like employment history. This may disclose technical data about the target organisation. Technical information can be gathered from job sites such as Dice, LinkedIn, Monster.com, naukri.com, and Simply Hired to detect underlying vulnerabilities in the target IT infrastructure. 


via Business Profile Sites

A crucial element in the information-gathering process is finding helpful information on corporate websites. Attackers can acquire vital details about the target companies, like their location, phone numbers, email addresses, personnel databases, department names, service offerings, and industry, by using business profile websites like opencorporates, corporationwiki, and Crunchbase. 


via Groups, Forums, and Blogs

Attackers frequently concentrate their search for information on groups, forums, and blogs to learn more about a target organisation and its members. Organisations frequently overlook the exchange of information that employees reveal to other users via such platforms. Attackers take advantage of this and gather sensitive data about the target, including details about its public network, its system, and the personal information of its employees like,
  • Full Name, Place of Work and Residence.
  • Personal and Organizational mobile numbers and email addresses. 
  • Pictures of the employee's residence or work location that include identifiable information. 
  • Pictures of employee awards and rewards or upcoming goals. 


via NNTP Usenet Newsgroups

A Usenet newsgroup is a repository containing a collection of notes or messages on various subjects and topics that are posted by users in different locations using the Internet. Many professionals use newsgroups to resolve their technical issues by posting questions on Usenet. To obtain solutions for these issues, sometimes they post more details information about the target than needed. Attackers can get useful information on the operating systems, software, web servers, etc. by searching Usenet newsgroups such as Stackoverflow or mailing lists like Newshosting, Eweka, and Supernews. 


via Deep and Dark Web 

To know about the Surface, Deep and Dark Web, Click Here

Attackers can gather private information about the target, including credit card information, passport information, identification card information, medical records, social media accounts, and the Aadhar Card Number, using deep and dark web searching tools like Tor Browser, ExoneraTor, and OnionLand Search Engine. 


You might be interested in, 

No comments:

Post a Comment