<div>CyberWiki - Encyclopedia of Cybersecurity: an encyclopedia of cybersecurity with a mission to be the world's free information resource for cybersecurity learners. Previously known as Hack Hunt. Author: Unknown.</div>
<div><b>Port Scanning Countermeasures</b> (published 2024-03-20, updated 2024-03-20)</div>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJfVMYTd4higqWxJ4asgKkTbDvRXQGPxbo2qbFCEtk8iLjougCs4DXSKN1jjLQFEFEXXuLZq4S5twcdRZiDN642bHbHVC82d3M0wPlyC6RoFPReTWl4dznKTL5kqwzWcb6shQZcVg1R_DHh_Bb1Vn1yZmqASFsRSPYB7twKz_hek18NUpxHmfXrttojjs/s1280/Port%20Scanning%20Techniques%20-%20Countermeasures%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJfVMYTd4higqWxJ4asgKkTbDvRXQGPxbo2qbFCEtk8iLjougCs4DXSKN1jjLQFEFEXXuLZq4S5twcdRZiDN642bHbHVC82d3M0wPlyC6RoFPReTWl4dznKTL5kqwzWcb6shQZcVg1R_DHh_Bb1Vn1yZmqASFsRSPYB7twKz_hek18NUpxHmfXrttojjs/w640-h360/Port%20Scanning%20Techniques%20-%20Countermeasures%20Cover.jpg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;"><br /></div>
<div style="text-align: justify;">Administrators often use port scanning techniques to verify the security policies of their networks, whereas attackers use them to identify open ports and running services on a host with the intent of compromising the network. Furthermore, users occasionally leave needless open ports on their systems without realising it. Such open ports are exploited by an attacker to launch assaults. <span style="text-align: left;">As long as you take the following precautions to safeguard your system or network from port scanning, there is no need to worry.</span></div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">Continue reading <a href="https://www.cyberwiki.in/2024/03/port-scanning-techniques-part-1.html">Part 1</a> and <a href="https://www.cyberwiki.in/2024/03/port-scanning-techniques-part-2.html">Part 2</a> of Port Scanning Techniques.</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
<ul>
<li>Configure the firewall to identify the probes sent by port scanning tools. It must not rely on the TCP header alone when deciding whether to let traffic through: before permitting a packet to pass, the firewall has to be able to scrutinise the data enclosed within it.</li>
<li>Run port scanning tools against your own network hosts to check that the firewall correctly identifies port scanning activity.</li>
<li>Set up commercial firewalls to prevent SYN floods and rapid port scans on your network. On Linux/Unix systems, you can use programs like PortSentry to identify and stop port scanning attempts.</li>
<li>If a commercial firewall is in use, then ensure that:
<ul>
<li>It is patched with the latest updates</li>
<li>It has correctly defined anti-spoofing rules</li>
</ul>
</li>
<li>Ensure that the anti-spoofing rules are configured.</li>
<li>Ensure that the router, IDS, and firewall firmware are updated to their latest releases/versions.</li>
<li>Certain firewalls perform better than others at detecting stealth scans. For instance, some firewalls entirely disregard FIN scans, while others have special settings to identify SYN scans.</li>
<li>Attackers gather details of a remote OS using tools like Nmap's OS detection. In these situations, it is crucial to use intrusion detection systems.</li>
<li>Block unwanted services running on the ports and update the service versions.</li>
<li>Ensure that the versions of services running on the ports are not vulnerable.</li>
<li>Because an attacker will attempt to enter through any open port, keep as few ports open as possible and filter the rest. Lock down the network, filter the following ports, and block unauthorised ports at the firewall using a custom rule set: 135-159, 256-258, 389, 445, 1080, 1745, and 3268.</li>
<li>Block inbound ICMP message types and all outbound ICMP type-3 (destination unreachable) messages at the border routers placed in front of a company's main firewall.</li>
<li>Attackers attempt to use an intermediary host that can communicate with the target to perform source routing and deliver packets to targets that might not be reachable over the Internet. Therefore, make sure that your router and firewall are capable of blocking these source-routing methods.</li>
<li>Make sure that no specific source port or source-routing technique can be used to circumvent the routing and filtering mechanisms at the routers and firewalls, respectively.</li>
<li>Test your own IP address space using TCP and UDP port scans as well as ICMP probes to determine the network configuration and accessible ports.</li>
</ul>
<div><br /></div>
<div>
<div style="text-align: left;"><b><i>You might be interested in, </i></b></div>
<div style="text-align: left;">
<ul>
<li><a href="https://www.cyberwiki.in/2024/03/port-scanning-techniques-part-1.html" target="">Port Scanning Techniques - Part 1</a></li>
<li><a href="https://www.cyberwiki.in/2021/02/nmap-port-scanning-techniques.html" target="_blank">Nmap - Port Scanning Techniques (Summary)</a></li>
<li><a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a></li>
<li><a href="https://www.cyberwiki.in/2023/12/host-discovery-techniques-via-scanning.html">Host Discovery Techniques via Scanning</a></li>
<li><a href="https://www.cyberwiki.in/2020/11/tcpip-3-way-handshake.html" target="">Working of TCP 3-Way Handshake</a></li>
<li><a href="https://www.cyberwiki.in/2023/12/introduction-to-scanning-second-step-to.html">Introduction to Scanning - Second Step to Hacking</a></li>
</ul>
<div><br /></div>
<div>We hope this helps. If you have any suggestions or doubts you can add a comment and we will reply as soon as possible.</div>
</div>
</div>
</div>
<div><b>Port Scanning Techniques - Part 2</b> (published 2024-03-20, updated 2024-03-20)</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdtvcbets9qFuRWp7L8wW1ioPPrqEqgpVeyTZ-_pRbZ0h9AIYHOGRK8ID1qnBoNhofPSkz8CHornTqrFMBhCWWqk3BvCjvs1mF0c3rAsX1g4uFbxfG9GPrKEF0RP0Kri9kX2LcNOGeSPdrIv0EMJeCVhaGrY9DcG6rHErohrMfxG5AJV1zsNHveYRJllY/s1280/Port%20Scanning%20Techniques%20-%20Part%202%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdtvcbets9qFuRWp7L8wW1ioPPrqEqgpVeyTZ-_pRbZ0h9AIYHOGRK8ID1qnBoNhofPSkz8CHornTqrFMBhCWWqk3BvCjvs1mF0c3rAsX1g4uFbxfG9GPrKEF0RP0Kri9kX2LcNOGeSPdrIv0EMJeCVhaGrY9DcG6rHErohrMfxG5AJV1zsNHveYRJllY/w640-h360/Port%20Scanning%20Techniques%20-%20Part%202%20Cover.jpg" width="640" /></a>
</div>
<br />
<div style="text-align: justify;">
Administrators often use port scanning techniques to verify the security
policies of their networks, whereas attackers use them to identify open ports
and running services on a host with the intent of compromising the network.
Furthermore, users occasionally leave needless open ports on their systems
without realising it. Such open ports are exploited by an attacker to launch
assaults.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
This article is divided into two parts. Continue reading
<a href="https://www.cyberwiki.in/2024/03/port-scanning-techniques-part-1.html">Part 1</a>.
</div>
<div style="text-align: justify;"><br /></div>
<h2 style="text-align: justify;">UDP Scanning (-sU)</h2>
<div style="text-align: justify;">
The UDP scan is less informative about whether a port is open because there is
no TCP handshake whose completion would confirm it. <span style="text-align: left;">This scan performs exceptionally well against Windows-based hosts. Sending a
packet using the UDP protocol can be trickier than TCP scanning since
you can't tell whether a host is filtered, dead, or alive.</span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;">If you send a UDP packet to a port with no application bound to it, the
IP stack returns an ICMP port unreachable packet. Any port that returns such an
ICMP error is marked closed; the ports that do not answer at all are left as
either open or filtered by the firewall, since the scan cannot tell the two apart.</span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;">The UDP scan provides port information only. It also requires privileged
access; hence, this scan option is only available to users with the
appropriate permissions. </span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;">In nmap, the <b>-sU</b> option is used to perform a UDP
scan. </span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<h2 style="text-align: justify;">
<span style="text-align: left;">SCTP Scanning</span>
</h2>
<h3 style="text-align: left;">
<span style="text-align: left;">SCTP INIT Scanning (-sY)</span>
</h3>
<div style="text-align: justify;">
<span style="text-align: left;">SCTP stands for Stream Control Transmission Protocol. </span>It is a relatively new alternative to the TCP and UDP protocols, combining
most of the characteristics of both. An SCTP association is set up with a four-way
handshake. The client initiates the connection with <b>INIT</b>, gets
back <b>INIT-ACK</b>, then sends <b>COOKIE-ECHO</b>, and gets back
<b>COOKIE-ACK</b>. Exchanging these four packets completes the SCTP
association.
</div>
<div><br /></div>
<div style="text-align: justify;">
Similar to a TCP SYN scan, this scan is relatively stealthy because it never
completes the SCTP association and so leaves it half open. Attackers send INIT
chunks to the target host. If the port is <b>listening or open</b>, the host
answers with an INIT-ACK chunk. If the port is <b>not listening or inactive</b>,
it answers with an ABORT chunk.
</div>
<div><br /></div>
<div style="text-align: justify;">
The port is marked filtered if there is no response after several
retransmissions, or if an ICMP unreachable error is returned. In nmap,
the <b>-sY</b> option is used to perform this scan.
</div>
<div><br /></div>
<h3 style="text-align: left;">SCTP COOKIE ECHO Scanning (-sZ)</h3>
<div style="text-align: justify;">
This is a more advanced type of scan; only a good IDS will be able to detect the
SCTP COOKIE ECHO chunk. It takes advantage of the fact that SCTP
implementations should silently drop packets containing COOKIE ECHO chunks on
open ports but send an ABORT if the port is closed. <span style="text-align: left;">A port that does not answer is reported as <b><i>open|filtered</i></b>, because
the scan is unable to distinguish between open and filtered ports. </span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;">In nmap, the <b>-sZ</b> option is used to perform this
scan. </span>
</div>
<div><br /></div>
<h2 style="text-align: left;">SSDP Scanning</h2>
<div style="text-align: justify;">
Simple Service Discovery Protocol (SSDP) is a network protocol that generally
controls communication for the Universal Plug and Play (UPnP)
feature. The SSDP service responds to a query sent to an IPv4 or IPv6
broadcast address. <span style="text-align: left;">Details of the associated UPnP feature are included in this response.
An attacker can use the UPnP SSDP M-SEARCH information discovery tool to
determine whether the device is susceptible to UPnP exploits. This
can be achieved using the <b>MSFCONSOLE </b>tool: use the
<b>ssdp_msearch</b> module, set <b>RHOSTS</b> to the target IP
address, and enter <b>exploit</b>.</span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsbntugKrOEq6z3oFD1rJ7kZfXw4cXRqXCTy7Ag4WLpltxNs3yVks61pnjhLg8vRHxS1Ea76n2ORDXoQA52f5gPyLTpJ7YoU12_g-SEMgOM04bIXM2g4FTtYmQHFb14tyNqeKSThZ1D76b_6SaZ3YkHLoZXpv6RHXZei5TXedEAnTVlj_JSSHRqw-FsDQ/s777/ssdp%20scanning%20msfconsole%20cyberwiki.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="531" data-original-width="777" height="438" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsbntugKrOEq6z3oFD1rJ7kZfXw4cXRqXCTy7Ag4WLpltxNs3yVks61pnjhLg8vRHxS1Ea76n2ORDXoQA52f5gPyLTpJ7YoU12_g-SEMgOM04bIXM2g4FTtYmQHFb14tyNqeKSThZ1D76b_6SaZ3YkHLoZXpv6RHXZei5TXedEAnTVlj_JSSHRqw-FsDQ/w640-h438/ssdp%20scanning%20msfconsole%20cyberwiki.PNG" width="640" /></a>
</div>
<span style="text-align: left;"><br /></span>
</div>
<h2 style="text-align: justify;">
<span style="text-align: left;">List Scanning</span>
</h2>
<div>
<span style="text-align: left;">This type of scan simply generates and prints a list of IPs/Names without
actually pinging them. By default, a reverse DNS resolution is still carried
out on each host by Nmap to learn their names. In nmap, the
<b>-sL</b> option is used to perform this type of scan. </span>
</div>
<div>
<span style="text-align: left;"><br /></span>
</div>
<h2 style="text-align: left;">
<span style="text-align: left;">IPv6 Scanning</span>
</h2>
<div style="text-align: justify;">
To allow for more levels of address hierarchy, IPv6 expands an IP address
from 32 bits to 128 bits. Because that address space is far too large to
sweep, attackers need to harvest IPv6 addresses from network traffic,
recorded logs, or the "Received: from" header lines in archived emails. In
nmap, the <b>-6 </b>option is used to scan IPv6 addresses.
</div>
<div style="text-align: justify;"><br /></div>
<h2 style="text-align: justify;">Service Detection</h2>
<div>
Version detection techniques examine the services listening on TCP and UDP
ports. Each port has a designated service, and each service has a version. By
obtaining precise service version numbers, an attacker can determine which
attacks the target system is vulnerable to. <br /><br />For instance, if an
attacker identifies the SMBv1 protocol as a running service on the target
Windows PC, they can quickly launch a WannaCry ransomware attack using
Metasploit's EternalBlue exploit and DoublePulsar backdoor combination. <br />
</div>
<div><br /></div>
<div>
In nmap, the <b>-sV </b>option is used to detect service versions.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
<div style="text-align: left;">
<b><i>You might be interested in, </i></b>
</div>
<div style="text-align: left;">
<ul>
<li>
<a href="https://www.cyberwiki.in/2024/03/port-scanning-techniques-part-1.html" target="">Port Scanning Techniques - Part 1</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2021/02/nmap-port-scanning-techniques.html" target="_blank">Nmap - Port Scanning Techniques (Summary)</a>
</li><li><a href="https://www.cyberwiki.in/2024/03/port-scanning-countermeasures.html">Port Scanning Countermeasures</a></li>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/12/host-discovery-techniques-via-scanning.html">Host Discovery Techniques via Scanning</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/11/tcpip-3-way-handshake.html" target="">Working of TCP 3-Way Handshake</a>
</li><li><a href="https://www.cyberwiki.in/2023/12/introduction-to-scanning-second-step-to.html">Introduction to Scanning - Second Step to Hacking</a></li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
</div>
</div>
</div>
<p></p>
<div><b>Port Scanning Techniques - Part 1</b> (published 2024-03-20, updated 2024-03-20)</div><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHmabK8KGWjQ-FqQp1c7tuMTP4VE22c9CxfgvxAX5G4JoFbsdtJSx2d79x8daWjDwR8ab5bN0dn8jIaKriKZr_odeoPJWTjTbvyGDFAWengwOC9mcr5SMjsa_ddnIdVmtndBm0XmB_VNmxuHutEOrqAb21I7MV9nj0YsZT8fJWOrOM5E5HiM3Ws9Kfq8w/s1280/Port%20Scanning%20Techniques%20-%20Part%201%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHmabK8KGWjQ-FqQp1c7tuMTP4VE22c9CxfgvxAX5G4JoFbsdtJSx2d79x8daWjDwR8ab5bN0dn8jIaKriKZr_odeoPJWTjTbvyGDFAWengwOC9mcr5SMjsa_ddnIdVmtndBm0XmB_VNmxuHutEOrqAb21I7MV9nj0YsZT8fJWOrOM5E5HiM3Ws9Kfq8w/w640-h360/Port%20Scanning%20Techniques%20-%20Part%201%20Cover.jpg" width="640" /></a>
</div>
<br />
<p style="text-align: justify;">
Administrators often use port scanning techniques to verify the security
policies of their networks, whereas attackers use them to identify open ports
and running services on a host with the intent of compromising the
network. Furthermore, users occasionally leave needless open ports on
their systems without realising it. Such open ports are exploited by an
attacker to launch assaults.
</p>
<p style="text-align: justify;"><br /></p>
<div>
<div>
<h2 style="text-align: left;"><b>Full Open Scan (-sT)</b></h2>
<div style="text-align: justify;">
It is the default TCP scan when a SYN scan is unavailable (generally when
root privilege is unavailable). In this case, Nmap does not craft raw packets;
instead, the OS's TCP <b>connect()</b> system call sends the
request. It is less efficient, because <b>connect()</b> makes a
separate call for every port, one after another, which takes longer
and requires more packets to obtain the same result. The drawback of
this type of scan is that it is noisier, which makes it easier to detect
and filter. In nmap, the <b>-sT</b> option is used to
perform this scan.
</div>
<div style="text-align: justify;"><br /></div>
</div>
<h2 style="text-align: left;"><span>Stealth Scan (-sS)</span></h2>
</div>
<div>
<div style="text-align: justify;">
<span style="text-align: left;">It</span> is the
default and most <b>powerful</b> scan option. A stealth scan
partially opens a connection but stops halfway through. <span style="text-align: left;">It is also known as a SYN scan because it only sends the <b>SYN packet</b>; if the server responds with a SYN/ACK packet, nmap tears the
connection down by sending an RST and marks the port as open. </span><span style="text-align: left;">Because the handshake is never completed, the service is <b>unable</b> to see or log the
incoming connection, so the scan slips under firewall restrictions and logging
systems and appears as normal network traffic. It
is <b>quick</b> and can scan hundreds of ports in a second. In
nmap, the <b>-sS</b> option is used to perform this scan.</span>
</div>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<h2 style="text-align: justify;">
<span style="text-align: left;">Inverse TCP Flag Scan</span>
</h2>
<div style="text-align: justify;">
<span style="text-align: left;">Sending SYN packets to sensitive ports on target hosts is detected by
security mechanisms such as firewalls and intrusion detection systems
(IDS). Depending on the security mechanisms installed, probe packets
with other TCP flags set may occasionally slip past filters
without being noticed. </span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;">Attackers send TCP probe packets with or without the TCP flags (FIN,
URG, PSH) set. An RST response indicates that the port is closed, whereas no
response suggests that the port is open. According to RFC 793, an
RST/ACK packet is sent for a connection reset when the host closes a port. This
is not particularly effective against Windows hosts, since Microsoft
entirely disregards the RFC 793 norm. On the other hand, this method works
well with UNIX-based operating systems.</span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;">Inverse TCP flag scanning is named after the flags (FIN, URG, PSH, or
none at all) sent in the probe packet: </span>
</div>
<div style="text-align: justify;">
<ul>
<li style="text-align: justify;">
If no flag is set, it is known as
a <b>NULL</b> <b>SCAN</b>: no bits are set (the TCP flags
field is 0). In nmap, the <b>-sN </b>option is used to perform this
scan.
</li>
<li style="text-align: justify;">
If only the FIN flag is set, it is known as
the <b>FIN</b> <b>SCAN</b>: just the TCP FIN bit is set. In nmap,
the <b>-sF</b> option is used to perform this scan.
</li>
<li style="text-align: justify;">
If all of FIN, URG, and PSH are set, the packet is lit up like a
Christmas tree, hence the name <b>Xmas SCAN</b>. When every flag is
set, some systems hang, so the probe is usually sent with just URG, PSH, and FIN. In
nmap, the <b>-sX</b> option is used to perform this scan.
</li>
<li style="text-align: justify;">
<b>TCP Maimon SCAN </b>is similar to NULL, FIN, and Xmas scan, but
the probe used here is FIN/ACK. If there is no response, the port is
marked <b>Open|Filtered</b>. In nmap, the <b>-sM</b> option is
used to perform this scan.
</li>
</ul>
<div><br /></div>
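<div style="text-align: justify;">From the defender's side, the SYN sweeps and the NULL, FIN, Xmas and Maimon probes described above are exactly what the Port Scanning Countermeasures post asks the firewall to recognise. The following is an added example, not code from this post: it runs that detection over constructed TCP records (one direction only, fields and thresholds are assumptions) and flags ACK-less probe signatures, a cold FIN/ACK with no preceding SYN, and a source that hits many distinct ports in a short window.</div>

```python
"""
Port-scan probe detection over TCP connection records.

Added example (not from the CyberWiki post). Records are constructed inline
as (timestamp, src_ip, dst_ip, dst_port, tcp_flags); field layout and the
thresholds below are assumptions, not a real sensor's schema.
"""
from collections import defaultdict

# TCP flag bits as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# ACK-less probe signatures named in the post. Legitimate TCP only ever sends
# an ACK-less segment as a bare SYN (or a bare RST), so these stand out.
INVERSE_FLAG_PROBES = {
    0: "NULL",
    FIN: "FIN",
    FIN | PSH | URG: "Xmas",
}

PORT_THRESHOLD = 15      # distinct destination ports from one source ...
WINDOW_SECONDS = 10.0    # ... within this many seconds (assumed values)


def detect_scans(records, port_threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """
    records: iterable of (ts, src, dst, dport, flags), sender's segments only.
    Returns {src_ip: sorted list of finding strings}; quiet sources are absent.
    """
    findings = defaultdict(set)
    syn_seen = set()                 # (src, dst, dport) that received a SYN
    syn_window = defaultdict(list)   # src -> [(ts, dport)] of recent SYNs
    for ts, src, dst, dport, flags in sorted(records):
        key = (src, dst, dport)
        if flags in INVERSE_FLAG_PROBES:
            findings[src].add(f"{INVERSE_FLAG_PROBES[flags]} probe to {dst}:{dport}")
        elif flags == (FIN | ACK) and key not in syn_seen:
            # A FIN/ACK is a normal close, but only after a handshake. With no
            # SYN from this source to this port beforehand it is the Maimon
            # probe described in the post.
            findings[src].add(f"Maimon probe to {dst}:{dport}")
        elif flags == SYN:
            syn_seen.add(key)
            win = syn_window[src]
            win.append((ts, dport))
            while win and ts - win[0][0] > window:   # expire old entries
                win.pop(0)
            distinct = {p for _, p in win}
            if len(distinct) >= port_threshold:
                findings[src].add(
                    f"SYN sweep: >={port_threshold} distinct ports within {window:g}s")
    return {src: sorted(f) for src, f in findings.items()}


def sample_records():
    """Constructed traffic: a normal client, a SYN sweeper and a flag prober."""
    recs = [
        # normal client opens, uses and closes one HTTPS connection
        (0.0, "10.0.0.5", "10.0.0.80", 443, SYN),
        (0.1, "10.0.0.5", "10.0.0.80", 443, ACK),
        (0.2, "10.0.0.5", "10.0.0.80", 443, PSH | ACK),
        (1.0, "10.0.0.5", "10.0.0.80", 443, FIN | ACK),
        # inverse-flag prober: NULL and Xmas to port 22, cold FIN/ACK to 25
        (9.0, "10.0.0.99", "10.0.0.80", 22, 0),
        (9.1, "10.0.0.99", "10.0.0.80", 22, FIN | PSH | URG),
        (9.2, "10.0.0.99", "10.0.0.80", 25, FIN | ACK),
    ]
    # SYN sweeper: 20 ports in two seconds
    recs += [(5.0 + i * 0.1, "10.0.0.66", "10.0.0.80", 1 + i, SYN) for i in range(20)]
    return recs


if __name__ == "__main__":
    for src, found in detect_scans(sample_records()).items():
        print(src, found)
```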
<h2 style="text-align: left;">ACK Flag Probe Scan</h2>
<div>
Attackers send TCP probe packets with the ACK flag set to a remote device
and then analyse the header information (TTL and WINDOW fields) of the
RST packets received to determine whether the port is open or closed. This
type of scanning works exclusively against operating systems with a
BSD-derived TCP/IP stack. Categories of ACK flag probe scanning include:
</div>
<div><br /></div>
<div>
<h4><b>TTL-based ACK Flag Probe Scanning</b></h4>
<div>
Send ACK probe packets (several thousand) to different TCP ports
and then analyse the TTL field value of the RST packets received. In nmap,
the syntax <b>nmap -ttl [time] [target] </b>is used to perform a TTL-based
scan.
<i>A port is open if the TTL value of the RST packet on that port is less
than the boundary value of 64</i>.
</div>
<br />
</div>
<h4>Window-Based ACK Flag Probe Scanning</h4>
<div>
Send ACK probe packets (several thousand) to different TCP ports
and analyse the window field value of the RST packets received. This
strategy is used when every port returns the same TTL value. In
nmap, the <b>-sW</b> option is used to perform a window scan.
<i>A port is open if the window value of an RST packet on that port is
non-zero</i>.
</div>
<div><br /></div>
<div>
The ACK flag probe scanning technique also helps in checking the filtering
systems of the target networks. An ACK probing packet with a random sequence
number is sent by the attacker. Receiving an RST response from the target
indicates that the port is not filtered (no firewall is present); getting no
response from the target indicates that a stateful firewall is present and
the port is filtered. In nmap, the <b>-sA</b> option is used to perform
an ACK flag probe scan.
</div>
<div><br /></div>
<h2>IDLE/IPID Header Scan</h2>
<div>
Every IP packet on the Internet has a fragment identification number (IPID);
an OS increments the IPID for each packet sent, so probing the IPID tells an
attacker how many packets the host has sent since the last probe.
</div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguMEomF7wCcLsYjpRMIqMW8SmqCnhvoEnBPsOkuN6qFtIJd4RhBok2mgHI2H-1pQSLfFcO9Bh3fB5bxVpLEk1yTwWqQaRldduvagt9ULkLsrYXGKzEHeuHkLbIK5N3xTWKabR8IpZMNxFoD55KLEh2n2cqzLT0tsxj-6D4cve9A6nDULbd_ApxCp5Leq0/s870/IDLE%20Scan%20Diagram%20Cyber%20wiki%20nmap.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="687" data-original-width="870" height="506" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguMEomF7wCcLsYjpRMIqMW8SmqCnhvoEnBPsOkuN6qFtIJd4RhBok2mgHI2H-1pQSLfFcO9Bh3fB5bxVpLEk1yTwWqQaRldduvagt9ULkLsrYXGKzEHeuHkLbIK5N3xTWKabR8IpZMNxFoD55KLEh2n2cqzLT0tsxj-6D4cve9A6nDULbd_ApxCp5Leq0/w640-h506/IDLE%20Scan%20Diagram%20Cyber%20wiki%20nmap.png" width="640" /></a>
</div>
<div>
<div style="text-align: justify;">
<b>1.</b> To find the zombie's IPID number, send it a SYN + ACK packet.
</div>
<div style="text-align: justify;">
<b>2.</b> When the zombie computer receives a SYN + ACK packet, it sends
an RST packet. To retrieve the IPID, examine the zombie machine's RST
packet.
</div>
<div style="text-align: justify;">
<b>3.</b> Send a SYN packet to the target machine, forging the
zombie's IP address as the source.
</div>
<div style="text-align: justify;">
<b>4.</b> If the port is open, the target sends a SYN + ACK packet
to the zombie, and the zombie sends an RST to the target in
response.
</div>
<div style="text-align: justify;">
<b>5.</b> If the port is closed, the target sends an RST to the
zombie, but the zombie does not send anything back.
</div>
<div style="text-align: justify;">
<b>6.</b> Check the zombie's IPID once more. An IPID increase of 2
indicates an open port, while an IPID increase of 1 indicates a closed
port.
</div>
</div>
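<div style="text-align: justify;">The six steps above, played through as a simulation so the IPID arithmetic can be checked, together with the point that matters to a defender: a host whose IP stack hands out sequential IPIDs can serve as someone else's zombie, while a stack that randomises the IPID makes the inference collapse to "unknown". This is an added example, not the post's code; Zombie, Target and the two IPID generators are toy stand-ins constructed here, and nothing is sent on the network.</div>

```python
"""
Idle-scan IPID inference simulated end to end, plus the defender's check.

Added example (not from the CyberWiki post). Zombie, Target and the IPID
generators are in-memory stand-ins; no packets leave the process.
"""
import itertools
import random


def sequential_ipid(start=1000):
    """IP stack that increments the IPID per packet: the zombie the post relies on."""
    counter = itertools.count(start + 1)
    return lambda: next(counter) & 0xFFFF


def randomised_ipid(seed=None):
    """IP stack with a per-packet random IPID: the countermeasure."""
    rng = random.Random(seed)
    return lambda: rng.randrange(1, 65536)


class Zombie:
    """Idle host: answers an unsolicited SYN/ACK with an RST, ignores an RST."""
    def __init__(self, next_ipid):
        self.next_ipid = next_ipid

    def receive(self, segment):
        if segment is not None and segment["flags"] == "SYN/ACK":
            return {"flags": "RST", "ipid": self.next_ipid()}
        return None


class Target:
    """Scanned host: SYN/ACK for an open port, RST for a closed one."""
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)

    def receive(self, segment):
        if segment["flags"] != "SYN":
            return None
        reply = "SYN/ACK" if segment["dport"] in self.open_ports else "RST"
        return {"flags": reply, "ipid": 0}


def read_zombie_ipid(zombie):
    """Steps 1-2 of the post: SYN/ACK to the zombie, read the IPID of its RST."""
    return zombie.receive({"flags": "SYN/ACK"})["ipid"]


def idle_scan_port(zombie, target, port):
    """Steps 3-6 of the post: spoofed SYN to the target, then compare the zombie's IPID."""
    before = read_zombie_ipid(zombie)
    reply = target.receive({"flags": "SYN", "dport": port})
    zombie.receive(reply)           # the target answers the spoofed source, i.e. the zombie
    after = read_zombie_ipid(zombie)
    delta = (after - before) % 65536
    return {2: "open", 1: "closed"}.get(delta, "unknown")


def idle_scan(zombie, target, ports):
    return {p: idle_scan_port(zombie, target, p) for p in ports}


def ipid_looks_sequential(samples, max_step=10):
    """
    Defender's check: given IPIDs taken from consecutive replies of one host,
    report whether they climb in small steps (predictable, usable as a zombie)
    rather than jumping around.
    """
    if len(samples) < 2:
        return False
    steps = [(b - a) % 65536 for a, b in zip(samples, samples[1:])]
    return all(1 <= s <= max_step for s in steps)


if __name__ == "__main__":
    target = Target(open_ports={22, 80})
    print("sequential IPID:", idle_scan(Zombie(sequential_ipid()), target, [22, 80, 81]))
    print("randomised IPID:", idle_scan(Zombie(randomised_ipid(seed=1)), target, [22, 80, 81]))
```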
<br />
<div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul>
<li>
<a href="https://www.cyberwiki.in/2024/03/port-scanning-techniques-part-2.html" target="">Port Scanning Techniques - Part 2</a>
</li><li><a href="https://www.cyberwiki.in/2024/03/port-scanning-countermeasures.html">Port Scanning Countermeasures</a></li>
<li>
<a href="https://www.cyberwiki.in/2021/02/nmap-port-scanning-techniques.html" target="_blank">Nmap - Port Scanning Techniques (Summary)</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a>
</li><li><a href="https://www.cyberwiki.in/2023/12/introduction-to-scanning-second-step-to.html">Introduction to Scanning - Second Step to Hacking</a></li>
<li>
<a href="https://www.cyberwiki.in/2023/12/host-discovery-techniques-via-scanning.html">Host Discovery Techniques via Scanning</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/11/tcpip-3-way-handshake.html" target="">Working of TCP 3-Way Handshake</a>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
</div>
</div>
</div>
<div><b>Host Discovery Techniques via Scanning - Part 2</b> (published 2023-12-06, updated 2024-03-20)</div><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgurVvNQd2lLpOlrlB1LKcVxLbfjA_48pfPxLEjx2Mk0ZcsUNqW-DEB41aKBV_9k-KM7WAjLy6fpzo4fDemHoCdGuGz0ujLeBwB4fRYe229Tw5QKnJTUbXmycEhHxPcpF6N820xauXJP0P6obRjczSoDZDm_JylkiHsh5_m5gbtCs5DzNFfpw54SMXs8Lg/s1280/Host%20Discovery%20Techniques%20via%20Scanning%20-%20Part%202%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgurVvNQd2lLpOlrlB1LKcVxLbfjA_48pfPxLEjx2Mk0ZcsUNqW-DEB41aKBV_9k-KM7WAjLy6fpzo4fDemHoCdGuGz0ujLeBwB4fRYe229Tw5QKnJTUbXmycEhHxPcpF6N820xauXJP0P6obRjczSoDZDm_JylkiHsh5_m5gbtCs5DzNFfpw54SMXs8Lg/w640-h360/Host%20Discovery%20Techniques%20via%20Scanning%20-%20Part%202%20Cover.jpg" width="640" /></a>
</div>
<br />
<p>
To discover the active/live hosts in a network, host discovery techniques
can be used. As an ethical hacker, you must be aware of the various types.
</p><p><br /></p><p>This article is divided into two parts. Continue reading <a href="https://www.cyberwiki.in/2023/12/host-discovery-techniques-via-scanning.html" target="_blank">Part 1</a>. </p><p><br /></p>
<h3 style="text-align: left;">ICMP ECHO Ping Scan</h3>
<div style="text-align: justify;">
<div>
ICMP ECHO ping scans entail sending ICMP ECHO requests to a host. If
the host is up and running, it responds with an ICMP ECHO reply. This scan is
useful for detecting active devices or determining whether ICMP packets are
being routed through a firewall.
</div>
<div><br /></div>
<div>
ICMP echo scanning works against Linux-based machines, whose TCP/IP stack
implementations reply to ICMP echo requests sent to broadcast addresses,
whereas Windows-based networks do not respond to this technique.
</div>
<div><br /></div>
<div>
In nmap, the <b>-PE</b> option is used to perform the ICMP ECHO ping
scan.
</div>
<div><br /></div>
<h3>ICMP ECHO Ping Sweep</h3>
<div>
<div>
A ping sweep sends ICMP ECHO requests to numerous hosts to determine the
live hosts in a range of IP addresses. If a host is alive, it
responds with an ICMP ECHO reply. Attackers then use the ping sweep results to
construct a list of active systems in the subnet.
</div>
<div><br /></div>
<div>
Pinging delivers a single packet across the network to a specific IP
address. After that, the sender waits or listens for a return packet.
Pings also include the time it takes for a packet to complete its journey,
known as "round-trip time."
</div>
</div>
<div><br /></div>
<h4>TOOLS</h4>
<div>
<div>
The ping sweep tools listed below let you determine the live hosts on the
target network by issuing ICMP ECHO requests to many hosts on
the network at the same time.
</div>
</div>
<div>
<ul>
<li>
<a href="https://angryip.org/" target="_blank">Angry IP Scanner</a>
</li>
<li><a href="https://pingtester.net/">Visual Ping Tester</a></li>
<li>
<a href="https://www.manageengine.com/products/oputils/">OpUtils</a>
</li>
</ul>
<div><br /></div>
<h4>COUNTERMEASURES</h4>
</div>
<div>
<ul>
<li>
Set up firewalls to immediately identify and block ping sweep attempts.
</li>
<li>
To identify and stop ping sweep attempts, use intrusion detection and
prevention systems such as Snort.
</li>
<li>
Examine closely the kind of ICMP traffic that passes through company
networks.
</li>
<li>
Any host that sends out more than 10 ICMP ECHO requests should have
its connections cut off.
</li>
<li>
Use DMZs and limit ICMP to message types such as <i>TIME EXCEEDED</i>, <i>HOST
UNREACHABLE</i>, and <i>ICMP ECHO_REPLY</i>.
</li>
<li>
Use Access Control Lists (ACLs) to restrict ICMP traffic and
grant permission only to specific IP addresses, such as those of
ISPs.
</li>
</ul>
<div><br /></div>
<h3>ICMP Timestamp Ping Scan</h3>
<div>
ICMP timestamp ping is an optional, additional type of ICMP
ping in which an attacker sends a timestamp request to obtain the
target host machine's current time. For every timestamp query
received, the target machine replies with a timestamp reply. Nevertheless,
the destination host's response is conditional: depending on how the
administrator configured the target, it might or might not
respond with the time value.
</div>
<div><br /></div>
<div>
In nmap, the -<b>PP</b> option is used to perform an ICMP timestamp
ping scan.
</div>
<div><br /></div>
<h3>ICMP Address Mask Ping Scan</h3>
<div>
<div>
The ICMP address mask ping is another alternative to the conventional
ICMP ECHO ping, in which the attacker sends an ICMP address mask
request to the target host to obtain subnet mask information.
Depending on how the target is configured, it may or may not
respond with the correct subnet mask value.
</div>
</div>
<div><br /></div>
<div>
In nmap, the<b> -PM</b> option is used to perform an ICMP address mask
ping scan.
</div>
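The three ICMP probe types discussed here (ECHO, timestamp and address mask) differ only in the ICMP type and in the fields that follow the common header. The Python below, an added example rather than code from the page or from Nmap, builds each request with a correct RFC 1071 checksum and decodes the replies, which is what -PE, -PP and -PM put on the wire; sending them needs a raw socket and privileges, so the block stops at the bytes.

```python
"""Build and parse the ICMP messages behind Nmap's -PE, -PP and -PM host
discovery probes: Echo, Timestamp and Address Mask (RFC 792, RFC 950).

Added example, not code from the page or from Nmap. It only constructs and
decodes message bytes; transmitting them needs a raw socket and privileges.
"""
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0
TIMESTAMP_REQUEST, TIMESTAMP_REPLY = 13, 14
ADDR_MASK_REQUEST, ADDR_MASK_REPLY = 17, 18


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd tail zero-padded).
    Over a message whose checksum field is already filled in it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(msg_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Common 8-byte header (type, code=0, checksum, id, seq) plus payload,
    with the checksum computed over the whole message."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def echo_request(ident: int, seq: int, data: bytes = b"") -> bytes:
    return build_icmp(ECHO_REQUEST, ident, seq, data)


def timestamp_request(ident: int, seq: int, originate_ms: int) -> bytes:
    # Originate, receive and transmit timestamps: milliseconds since
    # midnight UT. The sender fills in only the first one.
    return build_icmp(TIMESTAMP_REQUEST, ident, seq,
                      struct.pack("!III", originate_ms, 0, 0))


def address_mask_request(ident: int, seq: int) -> bytes:
    # Four zero bytes; the reply carries the subnet mask in their place.
    return build_icmp(ADDR_MASK_REQUEST, ident, seq, b"\x00\x00\x00\x00")


def parse_icmp(msg: bytes) -> dict:
    """Decode a message: verify the checksum, then extract the fields that
    matter for each probe type."""
    if len(msg) < 8:
        raise ValueError("short ICMP message")
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", msg[:8])
    out = {"type": msg_type, "code": code, "id": ident, "seq": seq}
    if msg_type in (TIMESTAMP_REQUEST, TIMESTAMP_REPLY):
        out["originate"], out["receive"], out["transmit"] = struct.unpack("!III", msg[8:20])
    elif msg_type in (ADDR_MASK_REQUEST, ADDR_MASK_REPLY):
        out["mask"] = ".".join(str(b) for b in msg[8:12])
    else:
        out["data"] = msg[8:]
    return out


if __name__ == "__main__":
    print("echo      :", echo_request(0x1234, 1).hex())
    print("timestamp :", timestamp_request(0x1234, 1, 0).hex())
    print("addr mask :", address_mask_request(0x1234, 1).hex())
```

A timestamp request is 20 bytes and an address mask request 12; an Echo request with id 0x1234 and sequence 1 and no data checksums to 0xE5CA, which is an easy value to confirm against a packet capture.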
<div><br /></div>
<div>
<div style="text-align: left;">
<b><i>You might be interested in, </i></b>
</div>
<div style="text-align: left;">
<ul>
<li>
<a href="https://www.cyberwiki.in/2023/12/host-discovery-techniques-via-scanning.html">Host Discovery Techniques via Scanning - Part 1</a>
</li><li><a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a></li>
<li>
<a href="https://www.cyberwiki.in/2023/12/introduction-to-scanning-second-step-to.html">Introduction to Scanning - Second Step to Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2021/02/nmap-host-discovery-techniques.html">Nmap - Host Discovery Techniques</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2021/02/nmap-port-scanning-techniques.html">Nmap - Port Scanning Techniques</a>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can
add a comment and we will reply as soon as possible.
</div>
</div>
</div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2489946807776968301.post-57022021566209192532023-12-05T11:41:00.011+05:302024-03-20T21:45:59.567+05:30Host Discovery Techniques via Scanning - Part 1<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNCvzS9-GO4R5uWFkDr1N1KbCdEz-3-C7EogiSpfNkHFrkyC06XLm8KgiXI8NtK0kYYrmQTm-EGpsctly8iWCpsOdweg0LN_touiYBsPdx8H8DCkpH8Hn_6qvvFHPGAdIxXEVsLyP71HKolH2QkG-1QeSHTiVo3dGUh79-C2BbwFQY4dFDNXDn_10CN0s/s1280/Host%20Discovery%20Techniques%20via%20Scanning%20-%20Part%201%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNCvzS9-GO4R5uWFkDr1N1KbCdEz-3-C7EogiSpfNkHFrkyC06XLm8KgiXI8NtK0kYYrmQTm-EGpsctly8iWCpsOdweg0LN_touiYBsPdx8H8DCkpH8Hn_6qvvFHPGAdIxXEVsLyP71HKolH2QkG-1QeSHTiVo3dGUh79-C2BbwFQY4dFDNXDn_10CN0s/w640-h360/Host%20Discovery%20Techniques%20via%20Scanning%20-%20Part%201%20Cover.jpg" width="640" /></a>
</div>
<p style="text-align: justify;">
To discover the active/live hosts in the network, host discovery techniques
can be used. As an ethical hacker, you must be aware of the various types of
host discovery techniques.
</p>
<p style="text-align: justify;"><br /></p>
<h3 style="text-align: justify;">ARP Ping Scan</h3>
<p style="text-align: justify;">
The ARP ping scan sends ARP request packets to find every active device in an
IPv4 range on the local network segment, even when a restrictive host firewall
hides the device from IP-level probes. ARP does not cross routers, so the
technique only works against targets on the same link as the scanner.
</p>
<p style="text-align: justify;">
If an attacker sends an ARP request for a target address and receives an ARP
reply, the host is active. If no reply arrives, the scanner's kernel leaves an
incomplete entry for that IP address in its ARP table. Check <a href="https://www.cyberwiki.in/2021/01/concept-of-arp-spoofing-attacks.html">How ARP is used for Spoofing Attacks</a></p>
<p style="text-align: center;">
<span style="font-family: courier; font-size: large;"><b>nmap -sn -PR <IP></b></span>
</p>
<p style="text-align: justify;"></p>
<ul>
<li>
<b>-sn</b>: disable the port scan (host discovery only). Nmap uses ARP ping by
default when the target is on the local Ethernet segment and Nmap has raw
packet privileges. To disable it and perform the other ping scans instead,
use <i style="font-weight: bold;">--disable-arp-ping</i>.
</li>
</ul>
<p></p>
<h4 style="text-align: justify;">Advantages:</h4>
<ul style="text-align: left;">
<li>
On a local segment, ARP ping is faster and more reliable than IP-based host
discovery, because every IPv4 host must answer ARP for its own address
whatever its firewall rules say.
</li>
<li style="text-align: justify;">
Nmap handles the ARP requests, retransmissions and timeouts itself instead
of relying on the operating system's ARP cache.
</li>
<li style="text-align: justify;">
ARP ping scan is useful for system discovery when scanning large local
address spaces.
</li>
<li style="text-align: justify;">
ARP ping scan can show a device's response time (latency) to an ARP
request.
</li>
</ul>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">UDP Ping Scan</h3>
<div style="text-align: justify;">
UDP ping scans are similar to TCP ping scans, except that UDP datagrams are
sent instead of TCP packets. Nmap's default probe port is 40125, chosen
because it is very unlikely to be in use. The attacker sends a UDP datagram to
the target; a UDP reply, or an ICMP port unreachable error from a closed port,
shows that the host is up, while silence proves nothing. The advantage of the
UDP ping scan is that it finds systems behind firewalls that filter TCP
tightly but leave UDP alone. In Nmap, the <b>-PU</b> option is used to perform
the UDP ping scan.
</div>
<div><br /></div>
<h3 style="text-align: left;">TCP SYN Ping Scan</h3>
<div style="text-align: justify;">
TCP SYN ping probes one or more ports to determine whether the host is up and
whether firewall rules stand in the way.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
The attacker sends an empty TCP packet with the SYN flag set, as if opening a
three-way handshake (port 80 by default; <b>-PS22,443</b> probes other ports).
If the port is open, the target answers with SYN/ACK; if it is closed, the
target answers with RST. Either reply proves that the host is alive, and the
scanner's operating system then sends an RST to tear down the half-open
connection rather than completing the handshake.
The <b>-PS</b> option in Nmap is used to do a TCP SYN ping scan.
</div>
<div style="text-align: justify;"><br /></div>
<h4 style="text-align: justify;">Advantages:</h4>
<div>
<ul style="text-align: left;">
<li>
Many hosts can be probed in parallel, so waiting for one host's reply (or
timeout) does not hold up the scan.
</li>
<li style="text-align: justify;">
TCP SYN ping determines whether a host is up without completing a connection,
so the application listening on the port never sees the probe and records
nothing in its logs. The SYN is still visible to a packet-filtering firewall
or IDS, however, so "no traces" holds only at the application level.
</li>
</ul>
</div>
<br />
<h3 style="text-align: left;">TCP ACK Ping Scan</h3><div style="text-align: justify;"><div>TCP ACK ping is similar to TCP SYN ping with one difference: the attacker sends an empty TCP packet with the ACK flag set. Because no connection exists between the attacker and the target, the target rejects the unexpected segment with an RST, as RFC 793 requires. The arrival of that RST at the attacker's end confirms that the host is active. </div><div><br /></div><div>The <b>-PA</b> option in Nmap is used to perform a TCP ACK ping scan (port 80 by default). </div><div><br /></div><h4>Advantage:</h4><div><br /></div><div><div>Sending both SYN and ACK probes maximises the chance of getting past a firewall. Because SYN ping is the most common probing technique, stateless packet filters are often configured to drop inbound SYN segments while passing other TCP traffic; an ACK probe slips through such a rule set. A stateful firewall, which drops any segment that belongs to no connection it has seen, stops both.</div></div><div><br /></div><h3>IP Protocol Ping Scan</h3><div><div>IP protocol ping is one of the newer host discovery options. It sends IP packets with a specified protocol number in the IP header and uses the same list syntax as TCP and UDP ping, except that protocol numbers are listed instead of ports (by default ICMP, IGMP and IP-in-IP: protocols 1, 2 and 4). Either a reply in the same protocol or an ICMP protocol unreachable error shows that the host is online. In Nmap, the <b>-PO</b> option is used to perform an IP protocol ping scan.
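The host discovery techniques above differ mainly in which answer the scanner is fishing for and in what a filter in front of the target does with the probe. The Python below is an added model of those exchanges, not code from the page or from Nmap: the target answers by the TCP, UDP and ARP rules, and the two filter policies (a stateless ACL that drops inbound SYNs, and a stateful firewall that drops anything without connection state) are assumptions chosen to show why an ACK ping passes the first but not the second, and why an ARP ping ignores both on the local link.

```python
"""Model of the probe/reply exchanges behind Nmap's ARP (-PR), TCP SYN (-PS),
TCP ACK (-PA) and UDP (-PU) pings, with a packet filter in front of the host.

Added example, not code from the page or from Nmap: nothing is sent. The
target's answers follow the TCP, UDP and ARP reply rules (RFC 793, RFC 1122,
RFC 826); the two filter policies are assumptions that illustrate why an ACK
ping passes a stateless ACL that drops SYNs, why a stateful firewall stops
both, and why an ARP ping is unaffected by either on the local segment.
"""
from dataclasses import dataclass, field

# Nmap's default probe ports: 80 for -PS/-PA, 40125 for -PU.
SYN_PING = {"kind": "tcp", "flags": "SYN", "port": 80}
ACK_PING = {"kind": "tcp", "flags": "ACK", "port": 80}
UDP_PING = {"kind": "udp", "port": 40125}
ARP_PING = {"kind": "arp"}


@dataclass
class Host:
    open_tcp: set = field(default_factory=set)
    open_udp: set = field(default_factory=set)
    local_link: bool = False  # on the same Ethernet segment as the scanner?

    def reply(self, pkt):
        """What the target's stack sends back once a probe reaches it."""
        if pkt["kind"] == "arp":
            # ARP is answered by the kernel below any IP filter, but it does
            # not cross routers, so only a same-segment scanner gets a reply.
            return "ARP reply" if self.local_link else None
        if pkt["kind"] == "tcp":
            if pkt["flags"] == "SYN":
                return "SYN/ACK" if pkt["port"] in self.open_tcp else "RST"
            return "RST"  # ACK for a connection that does not exist (RFC 793)
        if pkt["kind"] == "udp":
            # Closed port: ICMP port unreachable. Open port: most services
            # ignore an empty datagram, so the scanner learns nothing.
            return None if pkt["port"] in self.open_udp else "ICMP port unreachable"
        return None


def no_filter(pkt):
    return True


def stateless_acl(pkt):
    """Border router ACL: drop inbound TCP SYNs (no new inbound connections)
    but pass every other TCP segment so replies to outbound connections work;
    UDP is not filtered at all."""
    return not (pkt["kind"] == "tcp" and pkt["flags"] == "SYN")


def stateful_firewall(published_tcp):
    """Only a SYN to a published port may create state; any segment that
    belongs to no tracked connection (lone ACKs, unsolicited UDP) is dropped."""
    def policy(pkt):
        return (pkt["kind"] == "tcp" and pkt["flags"] == "SYN"
                and pkt["port"] in published_tcp)
    return policy


def probe(host, policy, pkt):
    """One exchange: the IP filter decides whether the probe reaches the host,
    then the host answers. ARP never passes through an IP filter.
    Returns the reply, or None for silence."""
    if pkt["kind"] != "arp" and not policy(pkt):
        return None
    return host.reply(pkt)


def discover(host, policy, probes):
    """Nmap's rule: any reply to any probe (SYN/ACK, RST, ICMP error, ARP)
    means the host is up. Returns (up, probe_that_worked, reply)."""
    for pkt in probes:
        reply = probe(host, policy, pkt)
        if reply is not None:
            return True, pkt, reply
    return False, None, None


if __name__ == "__main__":
    target = Host(open_tcp={22, 443}, local_link=True)
    for label, policy in [("no filter", no_filter),
                          ("stateless ACL", stateless_acl),
                          ("stateful firewall", stateful_firewall({443}))]:
        for name, pkt in [("SYN", SYN_PING), ("ACK", ACK_PING),
                          ("UDP", UDP_PING), ("ARP", ARP_PING)]:
            print(f"{label:18} {name} ping -> {probe(target, policy, pkt)}")
```

Run it and the table shows the asymmetry the text describes: behind the stateless ACL the SYN ping is silent while the ACK ping still draws an RST; behind the stateful firewall only a SYN to the published port 443 gets an answer, and ARP works in both cases because it never reaches the IP filter.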
</div></div><div><br /></div><div><div style="text-align: left;"><b><i>You might be interested in, </i></b></div><div style="text-align: left;"><ul><li><a href="https://www.cyberwiki.in/2023/12/host-discovery-techniques-via-scanning_6.html">Host Discovery Techniques via Scanning - Part 2</a></li><li><a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a></li><li><a href="https://www.cyberwiki.in/2023/12/introduction-to-scanning-second-step-to.html">Introduction to Scanning - Second Step to Hacking</a></li><li><a href="https://www.cyberwiki.in/2021/02/nmap-host-discovery-techniques.html">Nmap - Host Discovery Techniques</a></li></ul><div><br /></div><div>We hope this helps. If you have any suggestions or doubts you can add a comment and we will reply as soon as possible.</div></div></div></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2489946807776968301.post-12728736789044350312023-12-04T08:22:00.005+05:302024-03-20T18:40:19.112+05:30Introduction to Scanning - Second Step to Hacking<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJk2HaSecR_SXofsqRFHTlp5WCXH8E6bI5okxwm1vSAjKh7y3_-7axv79Z_Ytb8IRBb5Yp8stFL9VXd1GzQwQ8wcfSNelwmaz8dpDWA82U0LUho8zzs8FEjRcfT6HjAXgok3ShvS19iTjm-A1QiChtERWYkujF72-sTiQcDjVTTaDaParGmgJkZp7EpIU/s1280/Introduction%20to%20Scanning%20-%20Second%20Step%20to%20Hacking%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJk2HaSecR_SXofsqRFHTlp5WCXH8E6bI5okxwm1vSAjKh7y3_-7axv79Z_Ytb8IRBb5Yp8stFL9VXd1GzQwQ8wcfSNelwmaz8dpDWA82U0LUho8zzs8FEjRcfT6HjAXgok3ShvS19iTjm-A1QiChtERWYkujF72-sTiQcDjVTTaDaParGmgJkZp7EpIU/w640-h360/Introduction%20to%20Scanning%20-%20Second%20Step%20to%20Hacking%20Cover.jpg" width="640" /></a>
</div>
<br />
<div style="text-align: justify;">
Attackers begin their quest for an entry point into the target system after
identifying the target and doing basic reconnaissance. Attackers should detect
whether the target systems are active or inactive to save scanning time.
Notably, scanning is a deeper reconnaissance in which the attacker learns more
about the target.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Network Scanning refers to a set of procedures used for identifying hosts,
ports, and services in a network. It is one of the most crucial aspects
of an attacker's information collection, allowing him or her to develop a
profile of the target organisation.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Scanning is used to find vulnerable communication channels, explore as many
listeners as feasible, and track those responsive or relevant to an attacker's
needs. The attacker then employs the information he or she has gathered to
devise an attack strategy.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">TYPES OF SCANNING</h3>
<h4 style="text-align: left;"><b>Port Scanning</b></h4>
<div>
<div style="text-align: justify;">
Port scanning is a technique for discovering which network ports are open
and potentially receiving or delivering data. It sends probe packets to TCP
and UDP ports on a host and analyses the responses: which ports are open,
and often which application and operating system sit behind them. A
listening service that is misconfigured or runs vulnerable software is the
foothold an attacker is looking for.
</div>
</div>
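The simplest form of the port scan described above is a connect() scan, which completes the handshake instead of analysing half-open responses. The Python below is an added example, not the page's code or Nmap's; it starts its own listener on 127.0.0.1 as a constructed target and classifies ports as open, closed or filtered from the outcome of the socket call.

```python
"""TCP connect() port scanner with a constructed local target.

Added example, not the page's own code or Nmap's. Each probe completes the
full three-way handshake, so the target application sees (and can log) the
connection; that is the price of needing no raw-socket privileges. The demo
target is a listener the script starts itself on 127.0.0.1. Scan only hosts
you are authorised to test.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """Classify one port the way a connect scan can: 'open' if the handshake
    completes, 'closed' if the host answers RST (connection refused), and
    'filtered' if nothing comes back before the timeout or an ICMP
    unreachable arrives (typically a firewall dropping or rejecting)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def connect_scan(host, ports, timeout=0.5, workers=32):
    """Probe many ports in parallel; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def start_demo_listener():
    """Constructed target: a socket listening on an ephemeral loopback port.
    Caller closes the returned socket when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def pick_closed_port():
    """A loopback port nothing listens on: bind, note the number, release."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_demo_listener()
    try:
        results = connect_scan("127.0.0.1", [open_port, pick_closed_port()])
        for port, state in sorted(results.items()):
            print(f"{port}/tcp {state}")
    finally:
        srv.close()
```

On loopback a closed port answers immediately with RST, so the scan finishes in milliseconds; against a real host behind a firewall that silently drops, every filtered port costs the full timeout, which is why scanners run probes in parallel.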
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<h4 style="text-align: justify;">
<span style="text-align: left;">Network Scanning</span>
</h4>
<div>
<div style="text-align: justify;">
Lists the active hosts and their IP addresses. Network scanning is the
process of locating the active hosts on a network, either to attack them or
to assess the network's security.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<h4 style="text-align: justify;">Vulnerability Scanning</h4>
<div style="text-align: justify;">
Reveals known weaknesses. Vulnerability scanning determines whether a system
is exploitable by looking for known flaws. A vulnerability scanner has two
parts: a scanning engine and a catalogue. The catalogue is the database of
known vulnerabilities and the checks for them (for a web scanner, for
example, the paths of files and scripts with known flaws). The scanning
engine reads the catalogue, sends the corresponding requests to the target
server, and analyses the responses to decide whether the server is affected.
</div>
<div class="alert-message alert" style="text-align: justify;">
<div>
<i class="fa fa-info-circle"></i> A criminal looking to break into a house
looks for entry points like doors and windows. Because they are easily
accessible, these are frequently the house's weak points. When it comes to
computer systems and networks, ports are the system's doors and windows that
an attacker can utilise to gain access.
</div>
<div><br /></div>
<div>
<i class="fa fa-info-circle"></i> A common rule of thumb is that the more
open ports a system has, the more vulnerable it is. It is only a rule of
thumb: what matters is what is listening, so a host with a single unpatched
service exposed can be far more vulnerable than one with a dozen hardened
ones.
</div>
</div>
<h3>OBJECTIVES</h3>
<div>
<div style="text-align: justify;">
The more information available about the target organisation, the greater
the likelihood of discovering a network's security flaws and, as a result,
obtaining unauthorised access to it. Some objectives for scanning a network
are as follows:
</div>
<div style="text-align: justify;">
<ul>
<li>
Discover the network's live hosts, IP addresses, and open ports. The
attacker will decide the best way to infiltrate the system by using the
open ports.
</li>
<li>
Learn about the target's operating system and system architecture. This
is also referred to as fingerprinting. An attacker can devise an attack
strategy based on the operating system's weaknesses.
</li>
<li>
Identify specific applications or versions of a particular
service.
</li>
<li>
Find out what services are running/listening on the target system. This
informs the attacker of the vulnerabilities (depending on the service)
that can be exploited to get access to the target system.
</li>
<li>
Identify flaws in any of the network systems. This enables an attacker
to compromise the target system or network via a variety of
attacks.
</li>
</ul>
</div>
<div><br /></div>
<div style="text-align: center;">
<a href="https://www.cyberwiki.in/2020/11/tcpip-3-way-handshake.html">KNOW MORE ABOUT HOW NETWORK PACKETS WORK</a>
</div>
</div>
<div><br /></div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul style="text-align: left;">
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/12/host-discovery-techniques-via-scanning.html">Host Discovery Techniques via Scanning</a>
</li><li><a href="https://www.cyberwiki.in/2024/03/port-scanning-techniques-part-1.html">Port Scanning Techniques</a></li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2489946807776968301.post-33692402507230337632023-11-30T19:41:00.000+05:302023-11-30T19:41:02.609+05:30Footprinting through Social Engineering<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlgST_DVxlMwvbP0dRAhcjonwMiV9behFdVFs04bK6SH5RPIKoNg9m4c9BkZvm_Mic4-fNPYnjk7KM_RwuUrT5si7y5BkQ2IDYXKAgyLn2uAluoLUrHzrEsGjr7OllU2XNQ0_sZRdl20dWOOgR4Qe0ODZcUdHhyphenhyphenMVjpiMLmtxSKA3FehUt9H1P86PUQA8/s1280/Footprinting%20through%20Social%20Engineering%20Cover.jpg"
imageanchor="1"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlgST_DVxlMwvbP0dRAhcjonwMiV9behFdVFs04bK6SH5RPIKoNg9m4c9BkZvm_Mic4-fNPYnjk7KM_RwuUrT5si7y5BkQ2IDYXKAgyLn2uAluoLUrHzrEsGjr7OllU2XNQ0_sZRdl20dWOOgR4Qe0ODZcUdHhyphenhyphenMVjpiMLmtxSKA3FehUt9H1P86PUQA8/w640-h360/Footprinting%20through%20Social%20Engineering%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<div style="text-align: justify;">
The art of obtaining information from people by exploiting their weaknesses is
called social engineering. It is a non-technical technique in which an
attacker deliberately manipulates a victim into revealing confidential
information.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;"></div>
<p></p>
<div style="text-align: justify;">
The goal of social engineering is to get the necessary confidential
information and then utilise that information maliciously. Credit card
information, social security numbers, usernames and passwords, other personal
information, security products in use, OS and software versions, IP addresses,
server names, network layout information, and so on may be obtained using
social engineering.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Social Engineering can be performed in many ways, such as eavesdropping,
shoulder surfing, dumpster diving, impersonation, tailgating, third-party
authorization, piggybacking, reverse social engineering and so on.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Eavesdropping</h3>
<div>
<div style="text-align: justify;">
Eavesdropping is the act of secretly listening in on people's phones or
video conference discussions without their consent. Reading sensitive
messages from communication media such as instant messaging is also
included. The attacker obtains information by listening in on phone calls or
intercepting audio or written correspondence.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Shoulder Surfing</h3>
<div>
<div style="text-align: justify;">
Shoulder surfing is a technique used by attackers to gather important
information by discreetly observing the victim. An attacker monitors the
victim's device's actions, such as keystrokes when inputting usernames,
passwords, security codes, account numbers, credit card information,
personal identification numbers, and similar data, from behind the
victim.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Dumpster Diving</h3>
<div>
<div style="text-align: justify;">
This unsavoury approach, often known as trashing, includes the attacker
digging through garbage cans for information. Phone bills, contact
information, financial information, operations-related information,
printouts of source codes, printouts of sensitive information from the
target company's trash bins, printer waste bins, sticky notes at user's
desks, and other such data may be obtained by the attacker. Account
information may potentially be obtained via ATM trash bins by the
attacker.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Impersonation</h3>
<div>
<div style="text-align: justify;">
Impersonation is a technique in which an attacker poses as a real or
authorised person: a courier or delivery person, caretaker, businessman,
customer, technician, or even a guest. Once inside, the attacker collects
sensitive information by reading passwords off terminals, searching
critical documents on desks, digging through dumpsters, and so on. The
attacker may also overhear confidential conversations and shoulder surf for
sensitive information.
</div>
</div>
<div><br /></div>
<div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html"
>Phases of Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html"
>Information Obtained in Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html"
>Objective and Threats of Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html"
>Countermeasures of Footprinting</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html"
>Footprinting - First Step on Hacking (Summary) with Tools</a
>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
</div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2489946807776968301.post-59348520732044029532023-11-30T13:40:00.001+05:302023-11-30T13:40:45.213+05:30Network Footprinting with Traceroute<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcw_PJ2x-NqXvhkuuA_RvPxr3sR30HLrysk38ohiOuSjKbPPKCGF_h0si48yD4qLVrxgnVaPUp609H4zP8uJpYjdHsQiMJVTvaHCXlAJoaFo-tRa1iuUYuSvDc0aA8Y-Oc_sbX3g7aUk55pWNZb3bBWMLsvwLaacov2aToOv6mfjRTUi-iEa4JLy9T1LA/s1280/Network%20Footprinting%20with%20Traceroute%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcw_PJ2x-NqXvhkuuA_RvPxr3sR30HLrysk38ohiOuSjKbPPKCGF_h0si48yD4qLVrxgnVaPUp609H4zP8uJpYjdHsQiMJVTvaHCXlAJoaFo-tRa1iuUYuSvDc0aA8Y-Oc_sbX3g7aUk55pWNZb3bBWMLsvwLaacov2aToOv6mfjRTUi-iEa4JLy9T1LA/w640-h360/Network%20Footprinting%20with%20Traceroute%20Cover.jpg"
width="640"
/></a>
</div>
<p style="text-align: justify;">
To undertake network footprinting, one must first obtain fundamental and vital
information about the target organisation, such as what the organisation does,
who works there, and what type of work they do. The answers to these questions
reveal information about the target network's internal structure.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
Obtaining private IP addresses can be useful to attackers. Also, the attacker
can obtain information about the network's structure and which machines are
active by using the network range. Using the network range also aids in
determining the network topology, access control device, and operating system
utilised in the target network.
</p>
<p style="text-align: justify;"><br /></p>
<div style="text-align: justify;">
<div>
To determine the network range of the target network, search the server IP
address (as determined by Whois footprinting) in the Whois database of the
regional Internet registry that holds it. For the Asia-Pacific region this is
APNIC (<a href="https://wq.apnic.net//static/search.html">https://wq.apnic.net//static/search.html</a>);
the other registries (ARIN, RIPE NCC, LACNIC and AFRINIC) offer equivalent
searches.
</div>
<div><br /></div>
<div>
DNS servers that are misconfigured, for example to allow zone transfers to
anyone, give attackers a good chance of obtaining a list of internal
machines. Furthermore, if an attacker traces the path to a machine, the
address of the last router in front of it (the gateway) can be obtained,
which can be valuable.
</div>
<div><br /></div>
<h3>TRACEROUTE</h3>
<div>
Traceroute programs use the Time To Live (TTL) field in the IP header of the
packets they send, and the ICMP Time Exceeded errors that routers return, to
discover the routers on the path to a target host.
</div>
<div><br /></div>
<div>
The Traceroute utility shows the path IP packets take between two systems.
It reports the number of routers the packets pass through, the round-trip
time (RTT) from the source to each router and back, and, if the routers have
DNS records, their names and network affiliation, from which a rough
geographical location can often be inferred. It works by exploiting the TTL
feature of the Internet Protocol.
</div>
<div class="alert-message alert">
<i class="fa fa-info-circle"></i> The TTL field in the IP header specifies
the maximum number of routers that a packet may pass through. Each router
that forwards a packet subtracts one from the TTL. When the count reaches 0,
the router discards the packet and sends an ICMP Time Exceeded error message
to the packet's originator.
</div>
<div>
Traceroute first sends a packet with a TTL of one; the first router drops it
and returns the Time Exceeded error. The utility logs that router's IP
address and DNS name and sends another packet with a TTL of two. This packet
passes the first router before expiring at the second router in the path,
which likewise returns an error message to the original host.
</div>
<div><br /></div>
<div>
Traceroute will keep doing this and recording the IP address and name of
each router until a packet reaches the destination host or the host is
determined to be unreachable. It records the time it takes for each packet
to make a round trip to each router during the operation.
</div>
<table
align="center"
cellpadding="0"
cellspacing="0"
class="tr-caption-container"
style="margin-left: auto; margin-right: auto;"
>
<tbody>
<tr>
<td style="text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj87X8azeStXiLcXzcEpA7SS9jo9juopJhWJgh-g6N5L2rFpD8rfPNCYAwu9gOSffKi-13ht1hKEwqvWsAWdHNlV6jigTey8PsroqIeIk6nMU_jBIoJZRO43F5Veb5Is4oPHdvmHOUC0mS4_mGqhGidsNXalzai4_oHziJ_tvTsN2T6SBzz-tBUjfXPXpY/s1136/Illustration%20of%20Traceroute.jpg"
style="margin-left: auto; margin-right: auto;"
><img
border="0"
data-original-height="647"
data-original-width="1136"
height="364"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj87X8azeStXiLcXzcEpA7SS9jo9juopJhWJgh-g6N5L2rFpD8rfPNCYAwu9gOSffKi-13ht1hKEwqvWsAWdHNlV6jigTey8PsroqIeIk6nMU_jBIoJZRO43F5Veb5Is4oPHdvmHOUC0mS4_mGqhGidsNXalzai4_oHziJ_tvTsN2T6SBzz-tBUjfXPXpY/w640-h364/Illustration%20of%20Traceroute.jpg"
width="640"
/></a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;">
Illustration of Traceroute
</td>
</tr>
</tbody>
</table>
<div>
<div>
Finally, when a packet reaches the destination, the sender receives a reply
that depends on the probe type: an ICMP Echo Reply for ICMP traceroute, an
ICMP Port Unreachable for UDP traceroute (the probes go to a high port that
nothing listens on), or a SYN/ACK or RST for TCP traceroute. The utility
thus reveals the IP addresses of the intermediate hops on the route from
the source to the target host.
</div>
<div><br /></div>
<div>
By default, the Windows operating system uses <b>ICMP traceroute</b>.
Open the command prompt and enter <b>tracert</b> followed by the
destination IP address or domain name. Many network devices are configured
to drop ICMP traceroute probes or the Time Exceeded replies. In that case an
attacker uses TCP or UDP traceroute, also known as Layer 4 traceroute, whose
probes look like ordinary application traffic to a filter. On Linux, enter
<b>tcptraceroute</b> followed by the destination IP address or domain name,
or use <b>traceroute</b>, which sends UDP probes by default (<b>-I</b> for
ICMP, <b>-T</b> for TCP SYN).
</div>
</div>
<div><br /></div>
<h4>Here is an example of Traceroute from Windows:</h4>
<div>
<table
align="center"
cellpadding="0"
cellspacing="0"
class="tr-caption-container"
style="margin-left: auto; margin-right: auto;"
>
<tbody>
<tr>
<td style="text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBQaoc6FQqw0mVA6Qgs1gdbPdxrF7xcHQwa0ts4ZZv2TJdoxznU8QCeqJvJsll1TZQZepzDYG-37mxKHQaQt8wYnWtqxBUCREXQ1QhnjkogTSY1ahshgrcg2ep5znPo2aouw56opaeT49mPotncIZvs_T_EXezEeG7Znj5Ix8iJ0QVsP3EI0DbhWCtbbk/s457/Traceroute%20Analysis%20Exmaple%20Cyber%20Wiki.png"
imageanchor="1"
style="margin-left: auto; margin-right: auto;"
><img
border="0"
data-original-height="281"
data-original-width="457"
height="394"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBQaoc6FQqw0mVA6Qgs1gdbPdxrF7xcHQwa0ts4ZZv2TJdoxznU8QCeqJvJsll1TZQZepzDYG-37mxKHQaQt8wYnWtqxBUCREXQ1QhnjkogTSY1ahshgrcg2ep5znPo2aouw56opaeT49mPotncIZvs_T_EXezEeG7Znj5Ix8iJ0QVsP3EI0DbhWCtbbk/w640-h394/Traceroute%20Analysis%20Exmaple%20Cyber%20Wiki.png"
width="640"
/></a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;">
Example of Traceroute
</td>
</tr>
</tbody>
</table>
</div>
<div>
<ul>
<li>
Round-Trip Time (RTT) is displayed three times because three probes are sent
for each hop.
</li>
<li><b>*</b> means no reply came back within the timeout: the hop filters
ICMP, or the packet was lost.</li>
</ul>
</div>
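As an added example (not code from the page), the Python below parses tracert output in the format shown in the screenshot and turns it into the facts an attacker or defender reads off it: hops that stay silent, whether the destination answered, and the last router before it. The trace is constructed from documentation address ranges; the parser handles the `*` and `<1 ms` forms and the `name [ip]` column.

```python
"""Parser and quick analysis for Windows tracert output.

Added example, not the page's code. The trace below is constructed (from
documentation address ranges) in the format tracert prints. The analysis
picks out hops that never answered (ICMP filtered or packet lost), whether
the destination was reached, and the last responding router before the
target, which is usually the border device worth a closer look.
"""
import re
from statistics import mean

HEADER_RE = re.compile(r"Tracing route to (\S+)(?: \[(\d{1,3}(?:\.\d{1,3}){3})\])?")
HOST_RE = re.compile(r"^(?:(?P<name>\S+)\s+)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?$")

SAMPLE_TRACERT = """\
Tracing route to www.example.net [203.0.113.80]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    12 ms  10.10.0.1
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    26 ms  edge1.isp.example [198.51.100.1]
  5    38 ms     *       40 ms  198.51.100.254
  6    41 ms    42 ms    41 ms  203.0.113.80

Trace complete.
"""


def parse_hop(line):
    """One hop line -> dict, or None for header, blank and footer lines.
    Each of the three RTT columns is either '*' or '<n> ms'; '<1 ms' is
    recorded as 1.0 (an upper bound)."""
    tokens = line.split()
    if not tokens or not tokens[0].isdigit():
        return None
    rtts, i = [], 1
    while len(rtts) < 3 and i < len(tokens):
        if tokens[i] == "*":
            rtts.append(None)
            i += 1
        elif i + 1 < len(tokens) and tokens[i + 1] == "ms":
            rtts.append(float(tokens[i].lstrip("<")))
            i += 2
        else:
            break
    rest = " ".join(tokens[i:])
    m = HOST_RE.match(rest)
    return {
        "hop": int(tokens[0]),
        "rtts": rtts,
        "name": m.group("name") if m else None,
        "ip": m.group("ip") if m else None,
        "text": rest,
    }


def parse_tracert(text):
    target = target_ip = None
    hops = []
    for line in text.splitlines():
        h = HEADER_RE.search(line)
        if h:
            target, target_ip = h.group(1), h.group(2)
            continue
        hop = parse_hop(line)
        if hop:
            hops.append(hop)
    return {"target": target, "target_ip": target_ip, "hops": hops}


def analyse(trace):
    hops = trace["hops"]
    silent = [h["hop"] for h in hops if all(r is None for r in h["rtts"])]
    answered = [h for h in hops if h["ip"]]
    reached = bool(answered) and answered[-1]["ip"] == trace["target_ip"]
    # The last router that answered before the target: usually the border.
    border = answered[-2]["ip"] if reached and len(answered) >= 2 else None
    rtt = {}
    for h in hops:
        values = [r for r in h["rtts"] if r is not None]
        if values:
            rtt[h["hop"]] = (min(values), round(mean(values), 1))
    return {"reached": reached, "silent_hops": silent,
            "border_candidate": border, "rtt_min_avg": rtt}


if __name__ == "__main__":
    print(analyse(parse_tracert(SAMPLE_TRACERT)))
```

For the constructed trace the analysis reports hop 3 as silent, the destination as reached, and 198.51.100.254 as the router to look at first; a trace that ends in a run of silent hops without ever reaching the target is the signature of a perimeter that drops the probes, which is where the TCP variant described above comes in.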
<div><br /></div>
<div>
<div>
Path analyzer Pro, VisualRoute, Traceroute NG, and PingPlotter are
important traceroute programs for determining the geographical location of
routers, servers, and IP devices in a network. Such tools assist us in
tracing, identifying, and monitoring network activities on a global scale.
The following are some of the features of these tools:
</div>
</div>
<div>
<ul>
<li>Hop-by-hop traceroutes</li>
<li>Reverse tracing</li>
<li>Historical analysis</li>
<li>Packet Loss Reporting</li>
<li>Reverse DNS</li>
<li>Ping Plotting</li>
<li>Port Probing</li>
<li>Detect network problems</li>
<li>Performance metrics analysis</li>
<li>Network performance monitoring</li>
</ul>
<div><br /></div>
<div>
<div style="text-align: left;">
<b><i>You might be interested in, </i></b>
</div>
<div style="text-align: left;">
<ul>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html"
>Phases of Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html"
>Information Obtained in Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html"
>Objective and Threats of Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html"
>Countermeasures of Footprinting</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html"
>Footprinting - First Step on Hacking (Summary) with Tools</a
>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add
a comment and we will reply as soon as possible.
</div>
</div>
</div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2489946807776968301.post-632390128767144592023-11-29T16:27:00.001+05:302023-11-29T18:46:18.372+05:30DNS Footprinting - Extract DNS and Reverse Lookup<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNZHWkauM54vCDJc0Vf4yUq1FkGl4VKVPvqKBVRTcDkdxbLgtWAJ1qA3DUuYr9oM0NZ2_lbCj7USvPejkJKFULjcd9-SdY8-ar2jYokNrORGTY7elZzU51d3cW3tO_77uAewb8-QbusMHXJA3Gg0pJfJBie7ab0ciGa_ypDlmyFTqTEWLJsw7g-PfBTgg/s1280/DNS%20Footprinting%20-%20Extract%20DNS%20and%20Reverse%20Lookup%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNZHWkauM54vCDJc0Vf4yUq1FkGl4VKVPvqKBVRTcDkdxbLgtWAJ1qA3DUuYr9oM0NZ2_lbCj7USvPejkJKFULjcd9-SdY8-ar2jYokNrORGTY7elZzU51d3cW3tO_77uAewb8-QbusMHXJA3Gg0pJfJBie7ab0ciGa_ypDlmyFTqTEWLJsw7g-PfBTgg/w640-h360/DNS%20Footprinting%20-%20Extract%20DNS%20and%20Reverse%20Lookup%20Cover.jpg"
width="640"
/></a>
</div>
<p style="text-align: justify;">
DNS Footprinting is used by attackers to obtain information on DNS servers,
DNS records, and the types of servers used by the target organisation. This
information enables attackers to identify the hosts linked to the target
network and conduct additional exploitation on the target organisation.
</p>
<div>
DNS footprinting helps in determining the following records about the target
DNS:
</div>
<div><br /></div>
<div class="post-table">
<table>
<thead>
<tr>
<th>Record Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td data-label="Record Type">A</td>
<td data-label="Description">Points to a host's IP address</td>
</tr>
<tr>
<td data-label="Record Type">MX</td>
<td data-label="Description">Points to the domain's mail server</td>
</tr>
<tr>
<td data-label="Record Type">NS</td>
<td data-label="Description">Names the authoritative name servers for the zone</td>
</tr>
<tr>
<td data-label="Record Type">CNAME</td>
<td data-label="Description">
Canonical naming allows aliases to a host
</td>
</tr>
<tr>
<td data-label="Record Type">SOA</td>
<td data-label="Description">Indicates authority for a domain</td>
</tr>
<tr>
<td data-label="Record Type">SRV</td>
<td data-label="Description">Service records</td>
</tr>
<tr>
<td data-label="Record Type">PTR</td>
<td data-label="Description">Maps IP address to a hostname</td>
</tr>
<tr>
<td data-label="Record Type">RP</td>
<td data-label="Description">Responsible person</td>
</tr>
<tr>
<td data-label="Record Type">HINFO</td>
<td data-label="Description">
Host information record; includes CPU type and OS
</td>
</tr>
<tr>
<td data-label="Record Type">TXT</td>
<td data-label="Description">Unstructured text records</td>
</tr>
</tbody>
</table>
</div>
<div><br /></div>
<div style="text-align: justify;">
DNS interrogation tools such as
<a href="https://www.broadbandsearch.net/dns-records" target="_blank"
>DNS Lookup</a
>
enable users to perform DNS footprinting. When the attacker uses the DNS
interrogation tool to query the DNS server, the server responds with a record
structure containing information about the target DNS. DNS entries contain
critical information about the location and type of server.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Tools like DNSdumpster.com, Bluto, and Domain Dossier can be used to retrieve
DNS records for specified domains or hostnames.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Reverse Lookup</h3>
<div style="text-align: justify;">
<div>
DNS lookup is used to find the IP addresses for a given domain name, while
reverse DNS is used to find the domain name of a given IP address. An A record
converts a domain name to an IP address (<i
>To know more - <a
href="https://www.cyberwiki.in/2020/12/dns-servers-explained.html"
>https://www.cyberwiki.in/2020/12/dns-servers-explained.html</a
></i
>). Attackers use a reverse DNS lookup on the IP range to find the DNS PTR
records for those IP addresses.
</div>
<div><br /></div>
<div>
Attackers use various tools such as
<a href="https://github.com/darkoperator/dnsrecon" target="_blank"
>DNSRecon</a
>
and
<a
href="https://www.yougetsignal.com/tools/web-sites-on-web-server/"
target="_blank"
>Reverse IP Domain Check</a
>
to perform the reverse DNS lookup on the target host. Given an IP address or
a range of IP addresses, these tools return the associated domain names.
With a tool such as Reverse IP Domain Check, attackers also build a list of
other domains hosted on the same web server.
</div>
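<p style="text-align: justify;">
The record types in the table above, and the PTR relationship described under Reverse Lookup, can be checked from the defender's side by auditing your own zone export before anyone else queries it. The Python script below is an added example, not code from this post or from any of the tools it names: the zone text is constructed (example.com and the 192.0.2.0/24 documentation range), the line layout it parses is the usual "name TTL IN type rdata" form, and the rules for what counts as a disclosure (HINFO, RP, version strings in TXT, internal-sounding labels) are this example's own choices.
</p>

```python
"""Audit a DNS zone export for records that disclose more than resolution needs.

Added example, not the page's or any tool's code. ZONE is a constructed zone
for example.com (192.0.2.0/24 is a documentation range); the exposure rules
in find_disclosures() are this example's own assumptions.
"""
import ipaddress
import re

# Constructed sample zone in the usual "name TTL IN type rdata" layout.
ZONE = """\
example.com.            3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
example.com.            3600 IN NS    ns1.example.com.
example.com.            3600 IN NS    ns2.example.com.
example.com.            3600 IN MX    10 mail.example.com.
example.com.            3600 IN TXT   "v=spf1 mx -all"
example.com.            3600 IN RP    jdoe.example.com. jdoe-contact.example.com.
www.example.com.         300 IN A     192.0.2.10
mail.example.com.        300 IN A     192.0.2.25
ns1.example.com.         300 IN A     192.0.2.53
blog.example.com.        300 IN CNAME www.example.com.
intranet.example.com.    300 IN A     192.0.2.99
intranet.example.com.    300 IN HINFO "INTEL-X86-64" "Ubuntu 18.04"
intranet.example.com.    300 IN TXT   "Apache/2.4.29 staging box, ask jdoe"
_sip._tcp.example.com.   300 IN SRV   10 60 5060 pbx.example.com.
10.2.0.192.in-addr.arpa. 300 IN PTR   www.example.com.
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.*)$")
VERSION_RE = re.compile(r"\b[A-Za-z][\w.-]*/\d+(?:\.\d+)+")   # e.g. Apache/2.4.29
INTERNAL_LABELS = ("intranet", "internal", "vpn", "staging")   # assumption


def parse_zone(text):
    """Return (name, ttl, type, rdata) tuples; blank and ';' comment lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if not m:
            raise ValueError(f"unparseable zone line: {line!r}")
        name, ttl, rtype, rdata = m.groups()
        records.append((name.lower(), int(ttl), rtype, rdata.strip()))
    return records


def find_disclosures(records):
    """Flag records that tell a DNS client about hardware, people or internal hosts.

    HINFO and RP play no part in resolving names, a product/version string in
    TXT is a banner, and internal-sounding labels in a public zone are an
    inventory leak.
    """
    findings = []
    for name, _ttl, rtype, rdata in records:
        if rtype == "HINFO":
            findings.append((name, rtype, "hardware/OS published in DNS"))
        elif rtype == "RP":
            findings.append((name, rtype, "responsible-person contact published in DNS"))
        elif rtype == "TXT" and VERSION_RE.search(rdata):
            findings.append((name, rtype, "software version string in TXT"))
        if rtype == "A" and any(label in name for label in INTERNAL_LABELS):
            findings.append((name, rtype, "internal-sounding host in public zone"))
    return findings


def reverse_map(records):
    """Map each A-record name to (address, PTR target or None).

    The PTR side is what a reverse lookup over the address range returns, so
    a None shows a host that forward DNS exposes but reverse DNS does not.
    """
    ptr = {}
    for name, _ttl, rtype, rdata in records:
        if rtype == "PTR" and name.endswith(".in-addr.arpa."):
            octets = name[: -len(".in-addr.arpa.")].split(".")
            ptr[str(ipaddress.ip_address(".".join(reversed(octets))))] = rdata
    return {name: (rdata, ptr.get(rdata))
            for name, _ttl, rtype, rdata in records if rtype == "A"}


if __name__ == "__main__":
    recs = parse_zone(ZONE)
    for finding in find_disclosures(recs):
        print("DISCLOSURE", *finding)
    for host, (addr, rev) in reverse_map(recs).items():
        print(f"{host:26} {addr:12} PTR -> {rev or '(none)'}")
```

<p style="text-align: justify;">
On the sample zone the script reports four findings and shows that intranet.example.com has an A record but no PTR record, which is exactly what a reverse lookup over the range would and would not return. Restricting zone transfers keeps the file as a whole private, but every record stays individually queryable, so the durable fix is to drop HINFO and RP, keep TXT records free of version strings, and keep internal hosts out of the public zone.
</p>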
<div><br /></div>
<div>
<div style="text-align: left;">
<b><i>You might be interested in, </i></b>
</div>
<div style="text-align: left;">
<ul>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html"
>Phases of Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html"
>Information Obtained in Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html"
>Objective and Threats of Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html"
>Countermeasures of Footprinting</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html"
>Footprinting - First Step on Hacking (Summary) with Tools</a
>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
</div>
</div>
</div>
</div>
Whois Lookup and Footprinting (published 2023-11-29T13:20:00.007+05:30, updated 2023-11-29T18:46:08.489+05:30)<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSxXQ63T3zd7qoXT4xKfrR3xwJQQ6xbDI_GtC9AxcboSs1lbe5EqXhd9R3HDtOztM-Ev9JQNE_z8g6Xe8mK5Az2-H7zO3NmNO0FbgRMd-HgHu2hVKFL41JokbbydgySz4kYsZjlz5N38YiVDYHh6CKNWDQgy4e036Aa1qAY9z8hO6kn7EbcMMOOR6S6hI/s1280/Whois%20Footprinting%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSxXQ63T3zd7qoXT4xKfrR3xwJQQ6xbDI_GtC9AxcboSs1lbe5EqXhd9R3HDtOztM-Ev9JQNE_z8g6Xe8mK5Az2-H7zO3NmNO0FbgRMd-HgHu2hVKFL41JokbbydgySz4kYsZjlz5N38YiVDYHh6CKNWDQgy4e036Aa1qAY9z8hO6kn7EbcMMOOR6S6hI/w640-h360/Whois%20Footprinting%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<p style="text-align: justify;">
Whois footprinting focuses on performing a whois lookup, analysing the Whois
lookup results, and locating IP geolocation information. It helps in the
gathering of domain information such as the organization's owner, registrar,
registration data, name server, and contact information.
</p>
<p style="text-align: justify;"><br /></p>
<h3 style="text-align: justify;">WHOIS LOOKUP</h3>
<div>
<div style="text-align: justify;">
Whois is a query and response protocol that is used to search databases that
hold the registered users or assignees of an Internet resource, such as a
domain name, an IP address block, or an autonomous system. The protocol
listens on TCP port 43 for requests.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Regional Internet Registries (RIRs) maintain Whois databases, which contain
the personal information of domain owners. A Whois query returns the
following information:
</div>
<div style="text-align: justify;">
<ul>
<li>Domain name details</li>
<li>Contact details of the domain owner</li>
<li>Domain Name Servers</li>
<li>NetRange</li>
<li>When a domain has been created</li>
<li>Expiry Records</li>
<li>Records last updated</li>
</ul>
</div>
<div>
<div style="text-align: justify;">
An attacker requests a Whois database server to gather information that can
assist them in creating a map of the organization's network, deceiving
domain owners via social engineering, and finally obtaining internal network
details.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Services like <b><i>http://whois.domaintools.com</i></b> and
<b><i>https://www.tamos.com</i></b>, and tools like Batch IP Converter,
WhoIs Analyzer Pro, and ActiveWhois can help perform Whois lookups and
extract information. In Kali, the pre-installed tool
<a href="https://www.kali.org/tools/whois/" target="_blank">whois</a> can be
used as well.
</div>
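<p style="text-align: justify;">
The post describes Whois as a query and response protocol on port 43. The Python below is an added example, not this post's code and not the whois tool's, that shows both halves of that: query_whois() performs the RFC 3912 exchange (a domain name terminated by CRLF over TCP port 43, with the reply read until the server closes), and parse_whois() and whois_summary() reduce a reply to the fields listed above. SAMPLE_RESPONSE is a constructed reply in the "Key: value" layout most registries use; the registrar, dates and contacts in it are made up, and the field names the parser looks for are assumptions about common registry output.
</p>

```python
"""A minimal WHOIS client and a parser for the reply it returns.

Added example, not the page's code and not the whois tool's. query_whois()
implements the RFC 3912 exchange (domain name + CRLF over TCP port 43, reply
read until the server closes) and is not exercised offline; parse_whois()
and whois_summary() run on SAMPLE_RESPONSE, a constructed reply in the
"Key: value" layout most registries use. The field names looked up are
assumptions about common registry output.
"""
import socket
from collections import defaultdict

WHOIS_PORT = 43


def query_whois(domain, server="whois.iana.org", timeout=10):
    """Send one WHOIS query and return the raw text reply."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:          # server closes the connection after the reply
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


# Constructed sample reply (example.com is a reserved documentation domain;
# registrar, dates and contacts below are made up).
SAMPLE_RESPONSE = """\
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, Inc.
   Updated Date: 2023-08-14T07:01:31Z
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2024-08-13T04:00:00Z
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   Registrant Organization: Example Holdings Ltd
   Registrant Email: Redacted for privacy
   DNSSEC: signedDelegation
>>> Last update of whois database: 2023-11-29T10:00:00Z <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire.
"""


def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; repeated keys such as
    Name Server accumulate. Comment, notice and banner lines are skipped."""
    fields = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((">>>", "NOTICE", "%", "#")):
            continue
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue
        fields[key.strip().lower()].append(value.strip())
    return dict(fields)


def whois_summary(fields):
    """Reduce a parsed reply to the items the post lists."""
    def first(key):
        return fields.get(key, [None])[0]

    email_value = (first("registrant email") or "").lower()
    return {
        "domain": first("domain name"),
        "registrar": first("registrar"),
        "created": first("creation date"),
        "updated": first("updated date"),
        "expires": first("registry expiry date"),
        "name_servers": [ns.lower() for ns in fields.get("name server", [])],
        "registrant_org": first("registrant organization"),
        "contact_redacted": email_value.startswith("redacted"),
    }


if __name__ == "__main__":
    # Offline demonstration; call query_whois("example.com") to talk to a live server.
    for key, value in whois_summary(parse_whois(SAMPLE_RESPONSE)).items():
        print(f"{key:17} {value}")
```

<p style="text-align: justify;">
For a domain you administer, the summary is a quick check that contact fields are redacted (the contact_redacted flag), that the name servers are the ones you expect, and that the expiry date is not about to lapse; an unexpected name server or an imminent expiry is worth an alert, since both are exactly what the footprinting step above looks for.
</p>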
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
<div style="text-align: left;">
<b><i>You might be interested in, </i></b>
</div>
<div style="text-align: left;">
<ul>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html"
>Phases of Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html"
>Information Obtained in Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html"
>Objective and Threats of Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html"
>Countermeasures of Footprinting</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html"
>Footprinting - First Step on Hacking (Summary) with Tools</a
>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
</div>
</div>
</div>
Email Footprinting - Understand Email Headers and Tracking Tools (published 2023-11-26T21:08:00.003+05:30, updated 2023-11-29T10:43:24.795+05:30)<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGESQcwdFYxfpuSAhVxLXcx1kb9g77SmV7ANtwY-bO257qBt69GgMflRchV9HbjNYoT5l2wEnmKVvEP05-s6HPBzQ3nt5nY6F6wwrHZL5jgStdleRKJ8S9ulTaEYvluTO2LmvttgoPxvpu8FDjSFbbqc9vH32juuv54FAptPYwRHwEQGNgTXTtVEN1m_c/s1280/Email%20Footprinting%20-%20Understand%20Email%20Headers%20and%20Tracking%20Tools%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGESQcwdFYxfpuSAhVxLXcx1kb9g77SmV7ANtwY-bO257qBt69GgMflRchV9HbjNYoT5l2wEnmKVvEP05-s6HPBzQ3nt5nY6F6wwrHZL5jgStdleRKJ8S9ulTaEYvluTO2LmvttgoPxvpu8FDjSFbbqc9vH32juuv54FAptPYwRHwEQGNgTXTtVEN1m_c/w640-h360/Email%20Footprinting%20-%20Understand%20Email%20Headers%20and%20Tracking%20Tools%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<div>
Email footprinting has two parts: tracking email communications and
collecting information from email headers.
</div>
<div><br /></div>
<h3 style="text-align: left;">Track Email Communications</h3>
<div>
<div style="text-align: justify;">
Email tracking monitors the email messages of a particular user. This kind
of tracking is possible through digitally time-stamped records that reveal
the time and date when the target receives and opens a specific email. Email
tracking tools allow an attacker to collect information such as:
</div>
</div>
<div style="text-align: justify;">
<ul>
<li>Recipient's System IP Address</li>
<li>Geolocation</li>
<li>
Notifies the attacker when the email is received and read by the
recipient.
</li>
<li>
Provides information about the type of server used by the recipient, also
known as Proxy Detection.
</li>
<li>
Checks whether the links sent to the recipient through email have been
visited.
</li>
<li>
Reveals information about the operating system and the browser used.
</li>
<li>
Determines whether the email sent to the user is forwarded to another
person.
</li>
<li>
Provides information about the type of device used to open and read the
email. For example, desktop computer, mobile device, or laptop.
</li>
</ul>
<div><br /></div>
</div>
<h3 style="text-align: left;">Collecting Information from Email Header</h3>
<div>
<div style="text-align: justify;">
Email headers allow attackers to trace the routing path an email took before
it reached the recipient. Each email header contains information an attacker
can use to launch attacks against the target. How to view the email header
differs depending on the email client. The email header contains the
following information:
</div>
</div>
<div style="text-align: justify;">
<ul>
<li>Sender's mail server</li>
<li>Sender's full name</li>
<li>
The sender's IP address and the address from which the message was sent
</li>
<li>Date and time of receipt by the originator's email servers</li>
<li>Authentication system used by the sender's mail server</li>
<li>Date and time of sending the message</li>
<li>
The unique number assigned by mx.google.com to identify the message
</li>
</ul>
<div>
<div>
By performing a deep analysis of the entire email header, the attacker can
trace and acquire all of this information.
</div>
</div>
<div><br /></div>
<div>
<div>
An attacker can use email tracking tools to follow an email and retrieve
information. When the recipients open the email, these tools send
automatic notifications. Tools such as eMailTrackerPro, Infoga, Mailtrack,
and PoliteMail, allow an attacker to extract information, such as sender
identity, mail server, sender's IP address, and location.
</div>
</div>
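<p style="text-align: justify;">
As an added example (not this post's code and not that of any tool named above), the Python below does the header analysis just described with the standard library's email package: it walks the Received headers from the oldest hop to the newest, pulls out the originating IP address, its reverse DNS name and the first mail server that accepted the message, and reads the spf/dkim/dmarc verdicts from the Authentication-Results header. RAW_MESSAGE is a constructed message using documentation names and ranges (example.com, example.net, 192.0.2.0/24, 203.0.113.0/24); the hop regex assumes the common "from host (rdns [ip]) by server" form of a Received clause.
</p>

```python
"""Trace an email's Received chain and read its authentication results.

Added example, not the page's code. RAW_MESSAGE is constructed (example.com,
example.net, 192.0.2.0/24 and 203.0.113.0/24 are documentation names/ranges).
The hop regex assumes the common "from host (rdns [ip]) by server" clause.
"""
import email
import re

RAW_MESSAGE = """\
Received: from mx.example.com (mx.example.com [192.0.2.25])
 by inbox.example.net with ESMTPS id 7abc123
 for <alice@example.net>; Wed, 29 Nov 2023 10:05:12 +0000
Received: from mail.example.com (mail.example.com [192.0.2.26])
 by mx.example.com with ESMTP id 5def456;
 Wed, 29 Nov 2023 10:05:10 +0000
Received: from laptop.lan (unknown [203.0.113.77])
 by mail.example.com with ESMTPSA id 3ghi789;
 Wed, 29 Nov 2023 10:05:08 +0000
Authentication-Results: inbox.example.net;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
Message-ID: <20231129100508.3ghi789@mail.example.com>
Date: Wed, 29 Nov 2023 10:05:08 +0000
From: Bob <bob@example.com>
To: alice@example.net
Subject: Quarterly report

Please find the report attached.
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+)",
    re.DOTALL,
)


def parse_hops(raw):
    """Return hops oldest-first. Each relay prepends its own Received header,
    so the last header in the text is the first hop the message took."""
    msg = email.message_from_string(raw)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            continue
        rdns = m.group("rdns")
        hops.append({
            "helo": m.group("helo"),
            # 'unknown' is what MTAs write when the address has no reverse DNS
            "rdns": None if rdns in (None, "unknown") else rdns,
            "ip": m.group("ip"),
            "by": m.group("by"),
        })
    return hops


def auth_results(raw):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results (RFC 8601)."""
    msg = email.message_from_string(raw)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header):
            results[method] = verdict
    return results


def mail_summary(raw):
    """The items the post lists: origin host/IP, first MTA, message id, auth."""
    msg = email.message_from_string(raw)
    hops = parse_hops(raw)
    origin = hops[0] if hops else {}
    return {
        "message_id": msg["Message-ID"],
        "from": msg["From"],
        "date": msg["Date"],
        "origin_ip": origin.get("ip"),
        "origin_rdns": origin.get("rdns"),
        "first_mta": origin.get("by"),
        "hop_count": len(hops),
        "auth": auth_results(raw),
    }


if __name__ == "__main__":
    for i, hop in enumerate(parse_hops(RAW_MESSAGE), 1):
        print(f"hop {i}: {hop['helo']} [{hop['ip']}] rdns={hop['rdns']} -> {hop['by']}")
    for key, value in mail_summary(RAW_MESSAGE).items():
        print(f"{key:12} {value}")
```

<p style="text-align: justify;">
Two points the output makes concrete for triage: Received headers are prepended as the message travels, so the last one in the text is the first hop, and only the headers added by servers you control can be trusted, since everything below them can be written by the sender. Analysis therefore starts from your own gateway's header and works downward, and the Authentication-Results line your own gateway added carries more weight than the From address.
</p>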
<div><br /></div>
<div>
<div style="text-align: left;">
<b><i>You might be interested in, </i></b>
</div>
<div style="text-align: left;">
<ul>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html"
>Phases of Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html"
>Information Obtained in Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html"
>Objective and Threats of Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html"
>Countermeasures of Footprinting</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html"
>Footprinting - First Step on Hacking (Summary) with Tools</a
>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
</div>
</div>
</div>
</div>
Website Footprinting - Part 1 (published 2023-11-25T18:48:00.009+05:30, updated 2023-11-29T10:44:08.272+05:30)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZMQRw0K84AX5HvIgh6bXDzz0Pq3nwkERwodxZ88jTfozd5LmZms7jeffikz2lSKA1Ps_CqyPAidlcuTiecGxjOJAABJG2j2NbvI92e9LMMFunMnUCGYp6Qs8zLnhB91y3xxaEyFdVsrF20UsTS6BSsUmHyfJAHtE4V-7xNYHIkIyPlU3yk48P06hahSs/s1280/Website%20Footprinting%20-%20Part%201%20Cover.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZMQRw0K84AX5HvIgh6bXDzz0Pq3nwkERwodxZ88jTfozd5LmZms7jeffikz2lSKA1Ps_CqyPAidlcuTiecGxjOJAABJG2j2NbvI92e9LMMFunMnUCGYp6Qs8zLnhB91y3xxaEyFdVsrF20UsTS6BSsUmHyfJAHtE4V-7xNYHIkIyPlU3yk48P06hahSs/w640-h360/Website%20Footprinting%20-%20Part%201%20Cover.png" width="640" /></a>
</div>
<br />
<p style="text-align: justify;">
Website footprinting is the technique of monitoring and analysing a target
organization's website for information. Sensitive information, such as the
names and contact details of the organization's leaders and details of
forthcoming projects, can be found on their website.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
This topic is divided into two articles. Continue Reading <a href="https://www.cyberwiki.in/2023/11/website-footprinting-part-2.html">Part 2</a>.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
Without setting off the intrusion detection system or raising the suspicions
of any system administrator, an attacker can create an in-depth schematic of
the architecture and structure of a website. Generally, navigating the target
website will provide the following data:
</p>
<p style="text-align: justify;"></p>
<ul>
<li>Software used and its version</li>
<li>Operating System used</li>
<li style="text-align: justify;">
<b>Sub-directories and parameters </b>can be revealed by noting the URLs
while browsing the target website.
</li>
<li style="text-align: justify;">
Analyze anything after a query that looks like a
<b>filename, path, database field name, or query </b>to check whether it
offers opportunities for SQL Injection.
</li>
<li style="text-align: justify;">
Determine the <b>scripting platform and technologies</b> the website uses by
looking at extensions such as .php, .asp, or .jsp.
</li>
<li style="text-align: justify;">
The <b>contact pages </b>usually offer details such as names, phone numbers,
email addresses, and locations of admin and support personnel which can be
used to perform social engineering attacks.
</li>
</ul>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
An attacker uses sophisticated footprinting tools or the basic tools that come
with the operating system, such as Burp Suite, Zaproxy, WhatWeb, BuiltWith,
Wappalyzer, Netcraft, and Website Informer to view headers that provide:
</div>
<div style="text-align: justify;">
<ul>
<li>Connection status and content type</li>
<li>Accept-Ranges and Last-Modified Information</li>
<li>X-Powered-By Information</li>
<li>Web Server in use and its version </li>
</ul>
<div><br /></div>
<h3>Examining the HTML source code</h3>
<div>
<div>
By looking through the HTML source code and paying attention to the
manually inserted comments, attackers can obtain sensitive information.
What's going on in the background might be revealed by reading the
comments. They might even offer the web developer or administrator's
contact information.
</div>
<div><br /></div>
<div>
Observe all the links and image tags to map the file system structure.
This will reveal the existence of hidden directories and files.
</div>
<div><br /></div>
<div>
Enter fake information to see how the script functions. Sometimes it is
possible to make changes to the source code.
</div>
</div>
<div><br /></div>
<h3>Examining Cookies</h3>
<div>
<div>
Cookies that are set by the server can be examined to find out what
software is running and how it behaves. Examine sessions and additional
supporting cookies to determine the scripting platforms. It is also
possible to obtain data regarding the domain size, cookie name, and
value.
</div>
</div>
<div><br /></div>
<h3>Mirroring Entire Website</h3>
<div>
<div>
The practice of making a duplicate or clone of the original website is
known as website mirroring. Mirroring tools like NCollector Studio and
HTTrack Web Site Copier allow users to duplicate websites.
</div>
<div><br /></div>
<div>
A mirroring tool recursively downloads the website to a local directory on
a different machine, reconstructing the directory structure of all folders
and files (HTML, images, Flash, videos, and so on) from the web server. It
enables an attacker to spend more time viewing and analyzing the website
for vulnerabilities and loopholes.
</div>
</div>
<div><br /></div>
<h3>Monitoring Web Pages for Updates and Changes</h3>
<div>
Monitoring the target websites enables attackers to get access to and
identify changes in login pages, extract password-protected pages, follow
changes in software versions and driver updates, extract and save images on
updated web pages, and so on. Attackers examine the data obtained to
identify underlying weaknesses in the target website, and then exploit the
target web application based on these vulnerabilities.
</div>
<div><br /></div>
</div>
<p></p>
<div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul>
<li>
<a href="https://www.cyberwiki.in/2023/11/website-footprinting-part-2.html">Website Footprinting - Part 2</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html">Introduction to Footprinting - First Step to Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html">Information Obtained in Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html">Objective and Threats of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html">Countermeasures of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html">Footprinting - First Step on Hacking (Summary) with Tools</a>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a comment and
we will reply as soon as possible.
</div>
</div>
</div>
Website Footprinting - Part 2 (published 2023-11-25T18:48:00.008+05:30, updated 2023-11-29T10:43:55.606+05:30)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJEws6HGZQUO9WSNDpemDhIyTeL5OKzOvdFk98mN8ufyejB316CJa3_LG20UHw6s46kjZqv7Jt0V0Si3QbO61uXD2x7-MSDUzmv8GmRI6ADJQ2z1TnsJtqF3twUH8a5j1-C7gILHur-azDy0sTh4IlVTFTI8aiZEQPeacUiwzE234giB_6xrJ9cq5MV6g/s1280/Website%20Footprinting%20-%20Part%202%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJEws6HGZQUO9WSNDpemDhIyTeL5OKzOvdFk98mN8ufyejB316CJa3_LG20UHw6s46kjZqv7Jt0V0Si3QbO61uXD2x7-MSDUzmv8GmRI6ADJQ2z1TnsJtqF3twUH8a5j1-C7gILHur-azDy0sTh4IlVTFTI8aiZEQPeacUiwzE234giB_6xrJ9cq5MV6g/w640-h360/Website%20Footprinting%20-%20Part%202%20Cover.jpg" width="640" /></a>
</div>
<br />
<p style="text-align: justify;">
Website footprinting is the technique of monitoring and analysing a target
organization's website for information. Sensitive information, such as the
names and contact details of the organization's leaders and details of
forthcoming projects, can be found on their website.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
This topic is divided into two articles. Continue Reading <a href="https://www.cyberwiki.in/2023/11/website-footprinting-part-1.html">Part 1</a>.
</p>
<p style="text-align: justify;"><br /></p>
<h3 style="text-align: justify;">Web Spiders</h3>
<div>
<div>
<div style="text-align: justify;">
Simply providing a URL to the web spider will reveal all of the files and
web pages on the target website. The web spider then launches hundreds of
requests to the target website and analyses the HTML code of all incoming
responses for additional links.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
If any new links are detected, the spider adds them to the target list and
begins spidering and analysing the new links. This technology allows
attackers to locate not only exploitable web-attack surfaces, but also all
of the directories, web pages, and files that comprise the target
website.
</div>
<div style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</div>
<div style="text-align: justify;">
<span style="text-align: left;">Web spidering <b>fails</b> if the target website has a
<b>robots.txt</b> file in its root directory that lists directories that
should not be crawled. </span>
</div>
</div>
</div>
<div><br /></div>
<div>
Attackers can use tools such as Burp Suite, WebScarab, Web Data Extractor,
ParseHub, and SpiderFoot to collect sensitive information from the target
website.
</div>
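<p style="text-align: justify;">
The paragraph above says spidering fails when a robots.txt lists directories that should not be crawled; the file only asks well-behaved crawlers to stay away, and its Disallow lines are readable by anyone who fetches it. The Python below is an added example (not this post's code and not that of any tool named above) that shows both sides: disallowed_paths() lists what a robots.txt reveals per user agent, and crawler_view() uses the standard library's urllib.robotparser to show what a compliant crawler would honour. ROBOTS_TXT is constructed; the grouping rule in disallowed_paths() is this example's own reading of the robots.txt convention.
</p>

```python
"""List what a robots.txt reveals and what a compliant crawler would honour.

Added example, not the page's code. ROBOTS_TXT is constructed. The grouping
rule in disallowed_paths() (a group is one or more User-agent lines followed
by rules; a new User-agent line after rules starts a new group) follows the
robots.txt convention; crawler_view() defers to urllib.robotparser.
"""
from urllib.robotparser import RobotFileParser

ROBOTS_TXT = """\
# constructed example for www.example.com
User-agent: *
Disallow: /admin/
Disallow: /backup/
Disallow: /cgi-bin/
Allow: /public/
Crawl-delay: 5

User-agent: Googlebot
Disallow: /staging/

Sitemap: https://www.example.com/sitemap.xml
"""


def disallowed_paths(text):
    """Return {user_agent: [disallowed paths]} in file order."""
    groups = {}
    current = []          # user agents of the group being read
    seen_rule = False     # True once a rule line has followed the User-agent line(s)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if seen_rule:
                current, seen_rule = [], False
            current.append(value)
            groups.setdefault(value, [])
        elif key == "disallow":
            seen_rule = True
            if value:                       # an empty Disallow allows everything
                for agent in current:
                    groups[agent].append(value)
        elif key in ("allow", "crawl-delay"):
            seen_rule = True
    return groups


def crawler_view(text, user_agent, url):
    """What a crawler that honours robots.txt would do for this URL."""
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return rp.can_fetch(user_agent, url)


def sitemaps(text):
    """Sitemap URLs declared in the file (another list of paths handed to the reader)."""
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return rp.site_maps() or []


if __name__ == "__main__":
    for agent, paths in disallowed_paths(ROBOTS_TXT).items():
        print(f"{agent}: {', '.join(paths)}")
    checks = [("MyBot", "/admin/"), ("Googlebot", "/admin/"), ("Googlebot", "/staging/")]
    for agent, path in checks:
        ok = crawler_view(ROBOTS_TXT, agent, "https://www.example.com" + path)
        print(f"{agent:9} {path:10} {'allowed' if ok else 'disallowed'}")
    print("sitemaps:", sitemaps(ROBOTS_TXT))
```

<p style="text-align: justify;">
Two things the output makes visible: the Googlebot group replaces the * group rather than adding to it, so /admin/ is hidden from everyone except Googlebot unless the line is repeated, and every Disallow line is a path name given to whoever reads the file. A path that must stay private needs authentication, not a robots.txt entry.
</p>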
<div><br /></div>
<h3 style="text-align: left;">Extracting Website Links</h3>
<div>
<div style="text-align: justify;">
Extracting website links is a critical component of website footprinting, in
which an attacker examines a target website to establish its internal and
external links.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
An attacker can use the information acquired to discover the apps, web
technologies, and other connected websites that are linked to the target
website. Dumping the acquired links can also disclose significant
connections and extract URLs of other resources like JavaScript and CSS
files.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
This data helps attackers identify vulnerabilities in the target website and
determine how to exploit the web application.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Attackers can use various online tools or services such as Octoparse, Netpeak
Spider, and Link Extractor.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">
Extracting Website Information from https://archive.org
</h3>
<div>
<div style="text-align: justify;">
The Wayback Machine on the Internet Archive stores old versions of websites.
Using it, an attacker can gather information about an organization's web
pages going back to their creation.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Because the website <b>https://archive.org</b> keeps track of web pages from
their creation, an attacker can obtain information that has been removed
from the target website, including web pages, audio files, video files,
photos, text, and software programs. This information is used by attackers
to conduct phishing and other sorts of web application assaults on the
target organisation.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<div><br /></div>
<h3 style="text-align: left;">Gathering Wordlist from the Target Website</h3>
<div>
<div style="text-align: justify;">
The words used on the target website may expose important information that
assists attackers in further exploitation. Attackers compile a list of email
addresses associated with the target website. This data enables the attacker
to conduct brute-force attacks on the target organisation. An attacker uses
the CeWL tool to collect a list of terms from the target website and then
conducts a brute-force attack against the previously acquired email
addresses.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Extracting Metadata of Public Documents</h3>
<div>
<div style="text-align: justify;">
The target organization's website may contain useful material in the form of
PDF documents, Microsoft Word files, and other files in various formats. The
metadata of these publicly available documents often contains hidden
information that can be examined to extract details about the target
organisation.
</div>
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
<div>
An attacker can use this information to execute malicious operations against
the target organisation, such as brute-forcing authentication using staff
usernames and e-mail addresses, or social engineering to distribute malware
that can infect the target system.
</div>
<div><br /></div>
<div>
<div>
Metadata extraction tools such as Metagoofil, Exiftool, and Web Data
Extractor automatically extract critical information such as client
usernames, operating systems (OS-specific exploits), email addresses
(possibly for social engineering), list of software (version and type),
list of servers, document creation/modification date, and website
authors.
</div>
</div>
<div><br /></div>
<h3>Searching for Contact Details on the Company Website</h3>
<div>
<div>
Attackers can conduct a website search on the target company's website to
acquire vital information about the company. Websites are generally used
by organisations to inform the public about what they do, what services or
products they offer, how to contact them, their partner information,
location and their branches, and so on. Attackers can use this information
to launch additional assaults against the target company.
</div>
</div>
<div><br /></div>
</div>
<div><br /></div>
<div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul>
<li>
<a href="https://www.cyberwiki.in/2023/11/website-footprinting-part-1.html">Website Footprinting - Part 1</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html">Introduction to Footprinting - First Step to Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html">Information Obtained in Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html">Objective and Threats of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html">Countermeasures of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html">Footprinting - First Step on Hacking (Summary) with Tools</a>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts you can add a comment and
we will reply as soon as possible.
</div>
</div>
</div>
Footprinting via Social Networking (published 2023-10-17T23:55:00.005+05:30, updated 2023-10-17T23:55:56.703+05:30)<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3mLnHDai0ZRUb4n1nyAkO3AHbgu0LlKNDELQTRN962Oj2RghM6KQ-O3qPEeG25kfMa9bxLNGvUNw5LqO2KxzCB4E8bB4zVm8CbHC_duoAvPz7JqJk2W6teoDsHSxcuiVZxrce95ZlzBB6ByYQZgrj-O1Q1pKvB7yo7-5TxBeEGW0OARcllWXYQY1DlD8/s1280/Footprinting%20via%20Social%20Networking%20Sites%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3mLnHDai0ZRUb4n1nyAkO3AHbgu0LlKNDELQTRN962Oj2RghM6KQ-O3qPEeG25kfMa9bxLNGvUNw5LqO2KxzCB4E8bB4zVm8CbHC_duoAvPz7JqJk2W6teoDsHSxcuiVZxrce95ZlzBB6ByYQZgrj-O1Q1pKvB7yo7-5TxBeEGW0OARcllWXYQY1DlD8/w640-h360/Footprinting%20via%20Social%20Networking%20Sites%20Cover.jpg"
width="640"
/></a>
</div>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
Social networking websites are public internet services that enable users to
interact and develop interpersonal relationships. Sites like Facebook,
Instagram, Twitter, YouTube, Pinterest, and LinkedIn are used more and more
frequently because users can connect with friends and family on one and
exchange professional profiles on another.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
Attackers can leverage these websites to their advantage because people
usually maintain profiles on social networking sites that provide basic
information about themselves, such as names of spouses, dates of birth,
educational backgrounds, and career histories, in order to maintain
connections with others. Organisations frequently publish information about
partners they might work with, websites, and forthcoming company news.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
The following table provides a summary of user activity on social networking
sites and the associated data that an attacker may get.
</p>
<div style="text-align: justify;"><br /></div>
<div class="post-table">
<table>
<thead>
<tr>
<th>What Users Do</th>
<th>What Attacker Gets</th>
</tr>
</thead>
<tbody>
<tr>
<td data-label="What Users Do">Maintain Profile</td>
<td data-label="What Attacker Gets">
Contact information, friends information, information about family
members, interests, and activities
</td>
</tr>
<tr>
<td data-label="What Users Do">Connect to friends, chat</td>
<td data-label="What Attacker Gets">
Friends list, sensitive information via chatting
</td>
</tr>
<tr>
<td data-label="What Users Do">Share photos and videos</td>
<td data-label="What Attacker Gets">
Identity of family members, interests, and related information
</td>
</tr>
<tr>
<td data-label="What Users Do">Play games, join groups</td>
<td data-label="What Attacker Gets">Interests</td>
</tr>
<tr>
<td data-label="What Users Do">
Create Events to notify about upcoming occasions
</td>
<td data-label="What Attacker Gets">User's Activities</td>
</tr>
</tbody>
</table>
</div>
<div style="text-align: justify;"><br /></div>
<p style="text-align: justify;">
Social networking websites are also used by organisations to communicate with
customers, advertise their products and services, and get customer feedback.
The table below provides a summary of an organization's social networking
activities and the information that an attacker may obtain from them.
</p>
<div style="text-align: justify;"><br /></div>
<div class="post-table">
<table>
<thead>
<tr>
<th>What Organizations Do</th>
<th>What Attacker Gets</th>
</tr>
</thead>
<tbody>
<tr>
<td data-label="What Organizations Do">User Surveys</td>
<td data-label="What Attacker Gets">Business Strategies</td>
</tr>
<tr>
<td data-label="What Organizations Do">Promote Products</td>
<td data-label="What Attacker Gets">Product Profile</td>
</tr>
<tr>
<td data-label="What Organizations Do">User Support</td>
<td data-label="What Attacker Gets">Social Engineering</td>
</tr>
<tr>
<td data-label="What Organizations Do">Recruitment</td>
<td data-label="What Attacker Gets">Platform/technology information</td>
</tr>
<tr>
<td data-label="What Organizations Do">
Background check to hire employees
</td>
<td data-label="What Attacker Gets">Type of business</td>
</tr>
</tbody>
</table>
</div>
<div style="text-align: justify;"><br /></div>
<p style="text-align: justify;">
Numerous online tools and services can help collect data about a target from
one or more social media platforms. They let an attacker follow accounts and
URLs across social media sites, find the most shared content by hashtag or
keyword, discover a target's email address, and more. Attackers use this
information to carry out phishing, social engineering and other attacks.
</p>
<p style="text-align: justify;"><br /></p>
<div style="text-align: justify;">
<ul>
<li>
Tools like Google Trends, Hashatit, BuzzSumo, and Ubersuggest can be used
to locate information.
</li>
<li>
Tools like Hootsuite, Followerwonk, and Sysomos can be used to search for
both geotagged and non-geotagged information.
</li>
<li>
Tools like Social Searcher, Sherlock, theHarvester, and UserRecon can be used
to gather sensitive information about the target by footprinting social
networking sites.
</li>
</ul>
<div><br /></div>
<div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html"
>Phases of Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html"
>Information Obtained in Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html"
>Objective and Threats of Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html"
>Countermeasures of Footprinting</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html"
>Footprinting - First Step on Hacking (Summary) with Tools</a
>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If any suggestions or doubts you can add a comment
and we will reply as soon as possible.
</div>
</div>
</div>
</div>
<h2>Techniques to Determine Operating System</h2>
<p>Published 25 September 2023</p>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfg80n_zJHHN84uhC5AcEOB7linjvxSxXJLJx70wBIRkFeCwlr2UjG7DNNLCs0vlXsTj0bzCwdbaRKhQCxZT1s3vY_EKZq5gNTLZah5JKSxQEcUVmlZ5VvSGc-WpgHL_1Cq-8ukLF8xRgyBz9HOJDIKQDw-CUEDititfahIfUk7jcSYmKNuhWnu_hztRk/s1280/Techniques%20to%20Determine%20Operating%20System%20Cyber%20Wiki%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfg80n_zJHHN84uhC5AcEOB7linjvxSxXJLJx70wBIRkFeCwlr2UjG7DNNLCs0vlXsTj0bzCwdbaRKhQCxZT1s3vY_EKZq5gNTLZah5JKSxQEcUVmlZ5VvSGc-WpgHL_1Cq-8ukLF8xRgyBz9HOJDIKQDw-CUEDititfahIfUk7jcSYmKNuhWnu_hztRk/w640-h360/Techniques%20to%20Determine%20Operating%20System%20Cyber%20Wiki%20Cover.jpg"
width="640"
/></a>
</div>
<p style="text-align: justify;">
Attackers use a range of tools, including Netcraft, Shodan, Nmap and Censys,
and of techniques to identify the operating systems in use at the target
organization. Knowing the OS narrows the list of likely weaknesses and lets
the attacker pick exploits and tactics that fit the target.
</p>
<p style="text-align: justify;"><br /></p>
<h3 style="text-align: justify;">TECHNIQUES</h3>
<div>
<ul style="text-align: left;">
<li style="text-align: justify;">
The <b>ping</b> command can give a first clue about the OS of a remote
host from how it answers ICMP Echo requests. Operating systems start
packets with different default TTL (Time To Live) values: 64 on Linux and
macOS, 128 on Windows, 255 on many network devices. The TTL seen in the
reply, rounded up to the nearest default, therefore suggests the OS
family, and the difference is the number of hops in between.
</li>
<li style="text-align: justify;">
Connecting to a network service (such as a web server or FTP server) and
examining the banners or answers it provides is known as "<b
>banner grabbing</b
>". The OS and version operating on the target system may be revealed by
the information in these banners.
</li>
<li style="text-align: justify;">
<b>Active Fingerprinting Tools </b>such as Nmap (<i>-O</i>) and Xprobe2
send specially crafted TCP, UDP and ICMP probes to a target and compare
the responses (TCP option order, window size, ICMP quirks and so on)
against a signature database to determine the OS and often the version.
Active probing is noisy: every probe can be logged by the target or an IDS.
</li>
<li style="text-align: justify;">
<b>Passive Fingerprinting </b>techniques observe traffic the target
generates anyway, such as the TCP SYN of a connection it opens or the
SYN+ACK it returns, without sending probes of their own. Tools like p0f
work this way and so leave no trace on the target.
</li>
<li style="text-align: justify;">
The <b>HTTP User-Agent</b> header that browsers send names the client's
OS and browser version. It identifies the client connecting to a server,
not the server itself, so it is useful when you run the web server or can
observe traffic from the target's users, as in web application
assessments.
</li>
<li style="text-align: justify;">
<b>Port Scanning</b> tools like Nmap, Netcat or Masscan identify open ports
on a target system. The combination of open ports and the services behind
them hints at the OS: 135, 139, 445 and 3389 point to Windows, while port
22 with an OpenSSH banner points to a Unix-like system.
</li>
<li style="text-align: justify;">
Performing a <b>reverse DNS lookup</b> on an IP address can sometimes
reveal the hostname associated with it. The hostname may reveal
information about the OS or the company.
</li>
<li style="text-align: justify;">
<b>DNS records</b> and historical DNS data can also give the OS away:
hostnames such as <i>win-dc01</i> or <i>ubuntu-web2</i> describe the
platform, and the rarely used HINFO record type exists specifically to
carry CPU and OS strings.
</li>
<li style="text-align: justify;">
<b>Machine Learning-Based Techniques:</b> Some advanced OS detection
methods use machine learning algorithms to analyze network traffic
patterns and make predictions about the underlying OS.
</li>
</ul>
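<p style="text-align: justify;">
The TTL and passive-fingerprinting points above can be combined in a few lines. As an added example (not p0f's or Nmap's code), the following Python reads a captured IPv4/TCP SYN, rounds the TTL up to the nearest default to estimate the OS family and hop count, and matches the TCP option layout against a small signature table. The table is a simplified, assumed subset of what p0f ships, and the two packets built at the bottom are constructed for the demonstration, not real captures.
</p>

```python
"""Passive OS guess from a single TCP SYN: TTL rounding plus TCP option layout.
Added example; not p0f's code. Signatures are a simplified, assumed subset."""
import struct

TCP_OPTION_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sack", 8: "ts"}

# (OS family, default initial TTL, option layout in p0f-style notation).
# Assumed, simplified values; real databases carry hundreds of entries.
SIGNATURES = [
    ("Linux",   64,  "mss,sack,ts,nop,ws"),
    ("Windows", 128, "mss,nop,ws,nop,nop,sack"),
    ("macOS",   64,  "mss,nop,ws,nop,nop,ts,sack,eol"),
]


def parse_tcp_options(raw):
    """Turn the raw TCP options field into a list of option names in wire order."""
    names, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # EOL terminates the list
            names.append("eol")
            break
        if kind == 1:                      # NOP carries no length byte
            names.append("nop")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            break                          # truncated or malformed option
        names.append(TCP_OPTION_NAMES.get(kind, "opt%d" % kind))
        i += raw[i + 1]
    return names


def parse_syn(packet):
    """Extract TTL, window and option layout from a raw IPv4+TCP SYN (no link layer)."""
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    if proto != 6:
        raise ValueError("not TCP")
    tcp = packet[ihl:]
    _, _, _, _, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    flags = off_flags & 0x1FF
    if not flags & 0x02 or flags & 0x10:   # want SYN set and ACK clear
        raise ValueError("not a client SYN")
    return {"ttl": ttl, "window": window,
            "options": parse_tcp_options(tcp[20:data_off])}


def initial_ttl(observed):
    """Round an observed TTL up to the nearest common default (32, 64, 128, 255)."""
    for default in (32, 64, 128, 255):
        if observed <= default:
            return default
    return 255


def guess_os(packet):
    """Return (os_family, estimated_hops) for a captured SYN, or 'unknown'."""
    info = parse_syn(packet)
    init = initial_ttl(info["ttl"])
    hops = init - info["ttl"]
    layout = ",".join(info["options"])
    for name, sig_ttl, sig_opts in SIGNATURES:
        if sig_ttl == init and sig_opts == layout:
            return name, hops
    return "unknown", hops


def build_syn(ttl, window, options):
    """Construct a raw IPv4+TCP SYN for offline testing (checksums left zero)."""
    options += b"\x00" * (-len(options) % 4)     # pad options to a 32-bit boundary
    tcp_len = 20 + len(options)
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      ((tcp_len // 4) << 12) | 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000,
                     ttl, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return ip + tcp


# Constructed sample SYNs (not real captures): a Linux client 7 hops away and a
# Windows client 9 hops away, each with that OS family's usual option layout.
LINUX_OPTS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8
              + b"\x01" + b"\x03\x03\x07")
WINDOWS_OPTS = (b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08"
                + b"\x01\x01" + b"\x04\x02")
SAMPLE_LINUX = build_syn(ttl=57, window=64240, options=LINUX_OPTS)
SAMPLE_WINDOWS = build_syn(ttl=119, window=64240, options=WINDOWS_OPTS)

if __name__ == "__main__":
    for label, pkt in (("linux", SAMPLE_LINUX), ("windows", SAMPLE_WINDOWS)):
        print(label, guess_os(pkt))
```

<p style="text-align: justify;">
Feeding real traffic in only needs the IP payload of each captured SYN (for example from a pcap, after stripping the Ethernet header). The TTL alone is ambiguous between Linux and macOS, which is why the option layout is checked as well; a host whose stack has been tuned will simply come back as "unknown", which is itself a useful signal.
</p>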
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">TOOLS</h3>
<div style="text-align: justify;">
<ul>
<li>
<b>Netcraft: </b>Attackers use the
<a href="https://sitereport.netcraft.com/" target="_blank">Netcraft</a
> tool to identify all the sites associated with the target domain
along with the operating system running at each site.
</li>
<li>
<b><a href="https://www.shodan.io/" target="_blank">Shodan</a> </b>is a
computer search engine that searches the Internet for connected devices
(routers, servers and IoT). You can use Shodan to discover which devices
are connected to the Internet, where they are located, and who is using
them.
</li>
<li>
<b
><a
href="https://www.cyberwiki.in/2021/02/nmap-service-version-and-os-detection.html"
>Nmap</a
></b
>, short for Network Mapper, is a free and open-source command-line (CLI)
tool for network discovery and security assessment. Its <i>-O</i> option
performs active OS fingerprinting, and <i>-sV</i> grabs service versions
that frequently name the OS as well.
</li>
<li>
<b><a href="https://search.censys.io/" target="_blank">Censys</a></b
> monitors the infrastructure and discovers unknown assets anywhere
on the Internet. It provides a full view of every server and device
exposed to the Internet. Attackers use this program to keep an eye on
the target IT infrastructure and find all the devices connected to the
internet, as well as information about them such as the operating
system, IP address, protocols, and location.
</li>
<li>
<a href="https://lcamtuf.coredump.cx/p0f3/" target="_blank">p0f v3</a
> is a well-known passive fingerprinting tool. It never sends a packet
of its own; instead it matches captured TCP SYN and SYN+ACK segments (TTL,
window size, option order and similar stack details) and HTTP requests
against its signature database. Its author notes that p0f can often
identify the OS of a remote host where Nmap cannot, for example when a
firewall drops Nmap's probes.
</li>
<li>
<a href="https://sourceforge.net/projects/xprobe/">Xprobe2</a> is an
active fingerprinting tool with an approach and use cases similar to
Nmap's OS detection. It relies mainly on ICMP probes and fuzzy signature
matching, so it can still produce a guess for hosts whose TCP/IP stack
settings have been altered to defeat fingerprinting, and it can flag
honeypots (decoy servers set up to lure and expose attackers).
</li>
<li>
<b><a href="https://www.ettercap-project.org/">Ettercap</a> </b>is a
sniffer and man-in-the-middle suite best known for ARP spoofing and
traffic interception on a LAN. It runs on Linux, the BSDs and macOS, and
it ships its own passive OS fingerprinting database, so it can profile
the hosts whose traffic it observes.
</li>
</ul>
<div><br /></div>
</div>
</div>
<div style="text-align: justify;">
It's vital to remember that OS detection may not always be precise because it
depends on a number of variables that the target system may change or conceal.
Additionally, ethical considerations and legal regulations must be followed
when performing OS detection on remote systems, especially those not under
your control. Before engaging in any network scanning or probing
operations, always be sure you have the right authorization.
</div>
<div><br /></div>
<div>
We hope this helps. If any suggestions or doubts you can add a comment and we
will reply as soon as possible.
</div>
<h2>theHarvester - Passive Information Gathering Tool</h2>
<p>Published 20 September 2023</p>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJfxg3-BoBK0QJTyAhKdLXwoDqmCp3t6Be48e_bZwGIM2kSmdoSdUpQwJND5CJ1vjX1llWxLMvYJiyhvgOqZCxaO1F6BAyWM3BFcq0LusoOUMzS5EIDUzukzKZsv1LLz5YrHfkd2gIECcEpm5OOnFmXPEKzWmq3-L9be7JcrLpgWznS5FQGg9JeXAOP14/s1280/the%20Harvester%20-%20Passive%20Information%20Gathering%20Tool%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJfxg3-BoBK0QJTyAhKdLXwoDqmCp3t6Be48e_bZwGIM2kSmdoSdUpQwJND5CJ1vjX1llWxLMvYJiyhvgOqZCxaO1F6BAyWM3BFcq0LusoOUMzS5EIDUzukzKZsv1LLz5YrHfkd2gIECcEpm5OOnFmXPEKzWmq3-L9be7JcrLpgWznS5FQGg9JeXAOP14/w640-h360/the%20Harvester%20-%20Passive%20Information%20Gathering%20Tool%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<p style="text-align: justify;">
theHarvester is an open-source reconnaissance tool used by security
professionals and ethical hackers to learn about a target before conducting a
penetration test or security assessment. It is built for passive data
collection and gathers a variety of information about a target domain,
including email addresses, subdomains, hostnames, IP addresses and, via
Shodan, open ports and banners. This data helps identify potential attack
vectors and evaluate the security of an organization's online presence.
</p>
<p style="text-align: justify;">
<span style="text-align: left;"><br /></span>
</p>
<h3 style="text-align: justify;">
<span style="text-align: left;">KEY FEATURES</span>
</h3>
<p style="text-align: left;"></p>
<ul style="text-align: left;">
<li style="text-align: justify;">
<b>Email Harvesting:</b> theHarvester can search for email addresses
associated with a domain by querying search engines, DNS data, and public
sources. It can be used to identify potential targets for phishing attacks
or to gather contact information for a target organization.
</li>
<li style="text-align: justify;">
<b>Subdomain Enumeration:</b> It enumerates subdomains of a target domain
from passive sources such as certificate transparency logs (crt.sh), DNS
aggregators and search engines, then resolves them. This can reveal
additional entry points or services associated with the target organization.
</li>
<li style="text-align: justify;">
<b>Hostname Discovery:</b> theHarvester discovers hostnames and the IP
addresses they resolve to, giving insight into the target's infrastructure.
</li>
<li style="text-align: justify;">
<b>Search Engine Scraping:</b> It queries search engines and data services
such as Google, Bing and Shodan for results tied to the target domain or
keywords, helping identify online assets related to the target.
</li>
<li style="text-align: justify;">
<b>Exporting Results:</b> Users can export the gathered information to XML
and JSON files (the <i>-f</i> option) for further analysis or reporting.
</li>
</ul>
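<p style="text-align: justify;">
Under the hood, the email harvesting and subdomain features above come down to pulling patterns out of text returned by many sources and keeping only what belongs to the target domain. As an added example (not theHarvester's own code), the following Python does that extraction over two constructed inputs: a stand-in for a search engine result page and a stand-in for a crt.sh JSON reply. The crt.sh layout (a list of objects whose <i>name_value</i> holds newline-separated names) is assumed; the look-alike domain <i>example.com.evil.net</i> is included on purpose to show the filtering.
</p>

```python
"""Email and host extraction of the kind theHarvester performs over its sources.
Added example, not theHarvester's own code. SAMPLE_PAGE and SAMPLE_CRTSH are
constructed stand-ins for a search result page and a crt.sh JSON reply; the
crt.sh layout (a list of objects with a newline-separated name_value) is assumed."""
import json
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def harvest_emails(text, domain):
    """Lower-cased, de-duplicated addresses whose mail domain is the target or a subdomain of it."""
    domain = domain.lower()
    found = set()
    for m in EMAIL_RE.finditer(text):
        mail_domain = m.group(1).lower()
        if mail_domain == domain or mail_domain.endswith("." + domain):
            found.add(m.group(0).lower())
    return sorted(found)


def harvest_hosts(text, domain):
    """Hostnames under the target domain found in free text.
    The lookarounds stop 'mail.example.com.evil.net' from being read as mail.example.com."""
    pattern = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+%s)(?![\w.-])"
                         % re.escape(domain.lower()))
    return sorted({m.group(1) for m in pattern.finditer(text.lower())})


def hosts_from_crtsh(json_text, domain):
    """Names under the target domain from a crt.sh-style JSON list; wildcard
    entries ('*.example.com') are reduced to their base name."""
    domain = domain.lower()
    hosts = set()
    for entry in json.loads(json_text):
        for name in entry.get("name_value", "").split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):
                name = name[2:]
            if name == domain or name.endswith("." + domain):
                hosts.add(name)
    return sorted(hosts)


def harvest(domain, page_text, crtsh_json):
    """Merge both sources into the emails/hosts summary a recon report needs."""
    hosts = set(harvest_hosts(page_text, domain)) | set(hosts_from_crtsh(crtsh_json, domain))
    return {"emails": harvest_emails(page_text, domain), "hosts": sorted(hosts)}


# Constructed inputs (not real data): note the look-alike domain example.com.evil.net.
SAMPLE_PAGE = """
<a href="mailto:Alice@Example.com">Alice</a> press@example.com
webmaster@example.com.evil.net bob@mail.example.com noreply@other.org
Hosts seen: vpn.example.com, https://mail.example.com.evil.net/login, Intranet.example.com
"""
SAMPLE_CRTSH = json.dumps([
    {"name_value": "www.example.com\nexample.com"},
    {"name_value": "*.dev.example.com"},
    {"name_value": "example.com.evil.net"},
])

if __name__ == "__main__":
    print(json.dumps(harvest("example.com", SAMPLE_PAGE, SAMPLE_CRTSH), indent=2))
```

<p style="text-align: justify;">
The domain suffix check is the part that matters: a naive "contains example.com" filter would report <i>example.com.evil.net</i> as an asset of the target, and the same mistake in an email filter would hand a phishing campaign the wrong addresses. Sources that return JSON (crt.sh, Shodan, the APIs behind most of theHarvester's <i>-b</i> options) are parsed, while raw search pages go through the regex path.
</p>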
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">INSTALLATION</h3>
<div>
<ul style="text-align: left;">
<li>
<b>Method 1:</b> On Debian-based distributions such as Kali, using the
<b style="font-style: italic;">apt </b>command, i.e.,
<i style="font-weight: bold;">sudo apt install theharvester</i>.
</li>
<li><b>Method 2: Via GitHub</b></li>
<ul>
<li>
<b>Clone </b>the GitHub repository with
<i style="font-weight: bold;"
>git clone https://github.com/laramies/theHarvester</i
>.
</li>
<li>
<b>Build </b>the tool with <b><i>sudo</i></b
> <i style="font-weight: bold;">python3 setup.py build</i> (run from
inside the cloned theHarvester directory).
</li>
<li>
<b>Install</b> it with
<i style="font-weight: bold;">sudo python3 setup.py install</i>.
</li>
</ul>
</ul>
<div><br /></div>
</div>
<h3 style="text-align: left;">USAGE</h3>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitB1VpzP9NjLTqnI41a_x38K82Xv1Oe3cxYB2mnnRZTXbw11ikeWMsfRD-Ho9_jdKBeAdn09PIxSj1w1OK3dXMJtXFWpwjh7AXAsbcKjQpOJAaumZxH0HpGmw8pK7MoHBXL546Sbo743ibtsW2Owzxl8oZkzfQR5P8zMui7JmYGLloM_N8RrCc8fNotNA/s911/theharvester_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="478"
data-original-width="911"
height="336"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitB1VpzP9NjLTqnI41a_x38K82Xv1Oe3cxYB2mnnRZTXbw11ikeWMsfRD-Ho9_jdKBeAdn09PIxSj1w1OK3dXMJtXFWpwjh7AXAsbcKjQpOJAaumZxH0HpGmw8pK7MoHBXL546Sbo743ibtsW2Owzxl8oZkzfQR5P8zMui7JmYGLloM_N8RrCc8fNotNA/w640-h336/theharvester_cyberwiki.PNG"
width="640"
/></a>
</div>
<div style="text-align: center;">
<b
><span style="font-family: courier;"
>theHarvester -d hackhunt.in -l 10 -b bing</span
></b
>
</div>
<div style="text-align: center;"><br /></div>
<div>
In the above command, <i>-d</i> specifies the domain to harvest, <i>-l</i>
limits the number of results to 10, and <i>-b</i> selects the data source,
here the Bing search engine; alternatives include Baidu, DuckDuckGo, Brave
and the other sources listed below.
</div>
<div> </div>
<h3 style="text-align: left;">OPTIONS</h3>
<div class="post-table">
<table>
<thead>
<tr>
<th style="width: 20%;">Flag</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td data-label="Flag">-d DOMAIN</td>
<td data-label="Description">Company name or domain to search</td>
</tr>
<tr>
<td data-label="Flag">-l LIMIT</td>
<td data-label="Description">
Limit the number of search results, default=500
</td>
</tr>
<tr>
<td data-label="Flag">-S START</td>
<td data-label="Description">Start with result number X, default=0</td>
</tr>
<tr>
<td data-label="Flag">-s</td>
<td data-label="Description">Use Shodan to query discovered hosts</td>
</tr>
<tr>
<td data-label="Flag">--screenshot</td>
<td data-label="Description">
Take screenshots of resolved domains specify output directory:
--screenshot output_directory
</td>
</tr>
<tr>
<td data-label="Flag">-e DNS_SERVER</td>
<td data-label="Description">DNS server to use for lookup</td>
</tr>
<tr>
<td data-label="Flag">-f FILENAME</td>
<td data-label="Description">
Save the results to an XML and JSON file
</td>
</tr>
<tr>
<td data-label="Flag">-b SOURCE</td>
<td data-label="Description">
anubis, baidu, bevigil, binaryedge, bing, bingapi, bufferoverun,
brave, censys, certspotter, criminalip, crtsh, dnsdumpster,
duckduckgo, fullhunt, github-code, hackertarget, hunter, hunterhow,
intelx, netlas, onyphe, otx, pentesttools, projectdiscovery, rapiddns,
rocketreach, securityTrails, sitedossier, subdomaincenter,
subdomainfinderc99, threatminer, tomba, urlscan, virustotal, yahoo,
zoomeye
</td>
</tr>
</tbody>
</table>
</div>
<div><br /></div>
<div style="text-align: justify;">
It's important to note that theHarvester should only be used for authorised
security testing and research, and its use should always comply with
applicable laws and regulations; using the tool unlawfully or maliciously can
have legal consequences. theHarvester is frequently used by security experts
and ethical hackers as part of a thorough security assessment to help
organisations identify and resolve weaknesses in their online infrastructure.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
<b><i>You might be interested in,</i></b>
</div>
<div style="text-align: justify;">
<ul>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
target=""
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
</ul>
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
We hope this helps. If any suggestions or doubts you can add a comment and we
will reply as soon as possible.
</div>
<h2>Configure Burpsuite Proxy for Mobile Application</h2>
<p>Published 20 July 2023</p>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgftC8O3Eo4DzG-sEqMBLTCvxao5vfARN0CpSGLbXNCl9GqvhQ7r3vCZal7QJSBJO5uuCfKkWzIoufC150GW-ewVAxTOk8j6uatuyVnxfn0dKsBctpaLvcJmYfW6Hr285YUoRkowVkTyPJYsgTdkb_RkfuVs1V4nnlkg8L4ahuFgDI-ebEL3N2JjJVsDMo/s1280/Configure%20Burpsuite%20Proxy%20for%20Mobile%20Application%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgftC8O3Eo4DzG-sEqMBLTCvxao5vfARN0CpSGLbXNCl9GqvhQ7r3vCZal7QJSBJO5uuCfKkWzIoufC150GW-ewVAxTOk8j6uatuyVnxfn0dKsBctpaLvcJmYfW6Hr285YUoRkowVkTyPJYsgTdkb_RkfuVs1V4nnlkg8L4ahuFgDI-ebEL3N2JjJVsDMo/w640-h360/Configure%20Burpsuite%20Proxy%20for%20Mobile%20Application%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<p style="text-align: justify;">
Burp Suite is a graphical tool and integrated platform for performing
application security testing. Its numerous tools work in unison to assist the
entire testing process, from mapping and analyzing an application's attack
surface to detecting and exploiting security vulnerabilities.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
In the previous post we landed on the <b>Dashboard</b> and used Burp's
embedded Chromium browser. Now we set up a proxy listener that a phone can
reach, so Burp can intercept and capture the device's requests. Go to
the <b>Proxy</b> tab and then the <b>Options</b> tab (called
<b>Proxy settings</b> in newer Burp releases). The default listener is
<b>127.0.0.1</b> port <b>8080</b>; because it is bound to the loopback
address it only accepts connections from the Burp machine itself, which is
why a second listener on a network interface is added below.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;"></p>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/a/AVvXsEjHr04ieQdv9oM_lLBNCLhNpyoUQKq64XxUenOjoOvH2-IYwcrEgXmLN9juJw2MP1jMzu_XwxJb_BRr3rgPjil7QHdKb5e6qMdzzIjFvrmZuOW7ZwWzgXAOgtMjzLVgDSkZbUBafdQ1-EtorSqAzVwSOPj9lyaJ-mCDjXv6bVPVauebncCPRObfoZkWf3c"
style="margin-left: 1em; margin-right: 1em;"
><img
alt=""
data-original-height="263"
data-original-width="640"
height="264"
src="https://blogger.googleusercontent.com/img/a/AVvXsEjHr04ieQdv9oM_lLBNCLhNpyoUQKq64XxUenOjoOvH2-IYwcrEgXmLN9juJw2MP1jMzu_XwxJb_BRr3rgPjil7QHdKb5e6qMdzzIjFvrmZuOW7ZwWzgXAOgtMjzLVgDSkZbUBafdQ1-EtorSqAzVwSOPj9lyaJ-mCDjXv6bVPVauebncCPRObfoZkWf3c=w640-h264"
width="640"
/></a>
</div>
<br />
<h3 style="text-align: left;">
STEP 1: CONFIGURE BURPSUITE
</h3>
<div>
<ul style="text-align: left;">
<li style="text-align: justify;">
Click <b>Add</b> under <b>Proxy Listeners</b>.
</li>
<li style="text-align: justify;">
In the <b>Binding</b> tab, set <b>Bind to port</b> to
<i>8082</i> (or any port that is not in use).
</li>
<li style="text-align: justify;">
Select <b>All interfaces</b>, or pick the interface on the network your
phone shares with the Burp machine by choosing <b>Specific address</b>.
Binding to a specific address exposes the listener only on that network.
</li>
</ul>
<table
align="center"
cellpadding="0"
cellspacing="0"
class="tr-caption-container"
style="margin-left: auto; margin-right: auto;"
>
<tbody>
<tr>
<td style="text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1-dYNi9SiAR22_4DFxDF0w64xKv12HBydBrxgfTNvg0kD2BFFYpHeHwjsjqEgFUk-m_FVkc6Ky-y9WSiJMI2CEtkMboSOg947TzVSBBE5Yffc_PO6PFuXHaizVf3HoSGbOukzBHJ845-jlOZNoO1Evd02nZ5e6FPbR3hMH2TBv6rTPq3J3GxfTZTejSo/s474/burpsuite_binding_port_cyberwiki.PNG"
style="margin-left: auto; margin-right: auto;"
><img
border="0"
data-original-height="191"
data-original-width="474"
height="258"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1-dYNi9SiAR22_4DFxDF0w64xKv12HBydBrxgfTNvg0kD2BFFYpHeHwjsjqEgFUk-m_FVkc6Ky-y9WSiJMI2CEtkMboSOg947TzVSBBE5Yffc_PO6PFuXHaizVf3HoSGbOukzBHJ845-jlOZNoO1Evd02nZ5e6FPbR3hMH2TBv6rTPq3J3GxfTZTejSo/w640-h258/burpsuite_binding_port_cyberwiki.PNG"
width="640"
/></a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;">
Binding All Interfaces
</td>
</tr>
</tbody>
</table>
<div class="separator" style="clear: both; text-align: center;"><br /></div>
<table
align="center"
cellpadding="0"
cellspacing="0"
class="tr-caption-container"
style="margin-left: auto; margin-right: auto;"
>
<tbody>
<tr>
<td style="text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM9onJa33i5NHlECg48ByojUVwO0Lq3Kf5x93FZI0UFNgnLSG1c4GCWBPzt-0_OryhiDhxOCzbX06qFBpFGxgBgLrLe8RyOPbJqqttY0y4XY2_EP7HoM6JRYFq8AZ4sFhY7ajzfQ_n2E4UrNykKNGcCVc7eIFf41ppdIB1Iu2Ga5BoLnOUeiJN4TOgVZQ/s485/burpsuite_binding__ip_port_cyberwiki.PNG.PNG"
style="margin-left: auto; margin-right: auto;"
><img
border="0"
data-original-height="239"
data-original-width="485"
height="316"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM9onJa33i5NHlECg48ByojUVwO0Lq3Kf5x93FZI0UFNgnLSG1c4GCWBPzt-0_OryhiDhxOCzbX06qFBpFGxgBgLrLe8RyOPbJqqttY0y4XY2_EP7HoM6JRYFq8AZ4sFhY7ajzfQ_n2E4UrNykKNGcCVc7eIFf41ppdIB1Iu2Ga5BoLnOUeiJN4TOgVZQ/w640-h316/burpsuite_binding__ip_port_cyberwiki.PNG.PNG"
width="640"
/></a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;">
Binding on Selected IP Address
</td>
</tr>
</tbody>
</table>
<ul style="text-align: left;">
<li>
Click <b>Yes</b> when Burp warns that the listener will be reachable from
other hosts. Anyone on that network can now use your Burp as a proxy, so
remove the listener when the test is done.
</li>
</ul>
<div><br /></div>
<h3 style="text-align: left;">STEP 2: CONFIGURE MOBILE DEVICES</h3>
<h4 style="text-align: left;">
<ul style="text-align: left;">
<li>
<span style="font-weight: normal;">Go to </span>Settings<span
style="font-weight: normal;"
> on your device and select the Wi-Fi network you are connected to.</span
>
</li>
<ul>
<li>
<span style="font-weight: normal;">For </span>iOS<span
style="font-weight: normal;"
>,</span
>
</li>
<ul>
<li>
<span style="font-weight: normal;">Tap the small </span>i<span
style="font-weight: normal;"
> next to the Wi-Fi network you are using.</span
>
</li>
<li>
<span style="font-weight: normal;">Go to </span>Configure Proxy<span
style="font-weight: normal;"
> and choose </span
>Manual<span style="font-weight: normal;">.</span>
</li>
</ul>
<li>
<span style="font-weight: normal;">For </span>Android<span
style="font-weight: normal;"
>,</span
>
</li>
<ul>
<li>
<span style="font-weight: normal;"
>Tap the Wi-Fi network name (on some devices, long-press it and
choose Modify network).</span
>
</li>
<li>
<span style="font-weight: normal;">Find the </span>Proxy<span
style="font-weight: normal;"
> option, often under </span
>Advanced<span style="font-weight: normal;">, and set it to </span
>Manual<span style="font-weight: normal;">.</span>
</li>
</ul>
</ul>
<li>
<span style="font-weight: normal;">Set </span>Server<span
style="font-weight: normal;"
> (Proxy hostname on Android) to the IP address of the computer that is
running Burp Suite, in our example <i>192.168.0.180</i>.</span
>
</li>
<li>
<span style="font-weight: normal;">Set </span>Port<span
style="font-weight: normal;"
> to the port you configured for the Burp listener, in our example
<i>8082</i>.</span
>
</li>
<li>
<span style="font-weight: normal;">Tap </span>Save<span
style="font-weight: normal;"
>.</span
>
</li>
</ul>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2oaEb1ki_jYh2J3X70OOzrgfU4rxUhNdMHJVIbIhh5JJ_haPj1t09_QHP6SHQWzVbGcEJmGmJXoYOx2FEORs9HzDKBtcEEY7Rzm7FJhVKbI7kvj6_DeESMhLdJokMz6JdqHB9NKX3WVvLM77MRnZ4kHmx3Zhbg-Qv4P60Y3OL13lGAOqxsyZUJH9n8Sg/s899/configure_proxy_for_burpsuite_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="810"
data-original-width="899"
height="576"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2oaEb1ki_jYh2J3X70OOzrgfU4rxUhNdMHJVIbIhh5JJ_haPj1t09_QHP6SHQWzVbGcEJmGmJXoYOx2FEORs9HzDKBtcEEY7Rzm7FJhVKbI7kvj6_DeESMhLdJokMz6JdqHB9NKX3WVvLM77MRnZ4kHmx3Zhbg-Qv4P60Y3OL13lGAOqxsyZUJH9n8Sg/w640-h576/configure_proxy_for_burpsuite_cyberwiki.PNG"
width="640"
/></a>
</div>
</div>
<div class="separator" style="clear: both; text-align: center;"><br /></div>
</h4>
<h3 style="text-align: left;">STEP 3: INSTALLING A CA CERTIFICATE</h3>
<div>
To intercept HTTPS traffic the device must trust Burp's CA certificate,
because Burp terminates TLS and presents its own per-host certificates
signed by that CA; without it, apps and browsers reject the connection.
Make sure Burp Suite is running and the device's proxy settings point at it.
</div>
</div>
<div><br /></div>
<div>To install the CA Certificate to your <b>iOS device</b>:</div>
<div>
<ul style="text-align: left;">
<li>
With the proxy configured, use the <b>Safari</b> browser to go to
<i>http://burpsuite</i> (an address the Burp listener answers itself)
and select <b>CA Certificate</b>.
</li>
</ul>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGTJKGHQ9KHJ05T7PCe6a8hVUbV5UwIppnuWg-QovdO5jkedOrgaueqLbupFNskyYyEaWtIvlNNsw7ZIjxaVoQygW2OITvgCdSQs9CiF5NGkDBxmZcGuzbORD6Izny0cdrPywsRAA6Xxs53RzKp97Y__n_F7fPm0YdGxTXFAMTpI_YU-uII43tz7H4MJE/s1534/ca_certificate_downlod_burpsuite_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="582"
data-original-width="1534"
height="242"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGTJKGHQ9KHJ05T7PCe6a8hVUbV5UwIppnuWg-QovdO5jkedOrgaueqLbupFNskyYyEaWtIvlNNsw7ZIjxaVoQygW2OITvgCdSQs9CiF5NGkDBxmZcGuzbORD6Izny0cdrPywsRAA6Xxs53RzKp97Y__n_F7fPm0YdGxTXFAMTpI_YU-uII43tz7H4MJE/w640-h242/ca_certificate_downlod_burpsuite_cyberwiki.PNG"
width="640"
/></a>
</div>
<div>
<ul style="text-align: left;">
<li>
After downloading, go to <b>Settings</b>, select
<b>Profile Downloaded</b>, and select the <b>PortSwigger CA</b> profile.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJSdh8BBMu-q85bl3tKdfh5tkcu0CiBWOLdnvF5AqMfxqcKLHUB2c5ZvTpC64alOJp2TmmU4xIqrXQ6dQTzw-gZ45aZu_wj7NbgPpZb5ENB7Y1OUlptR5NvqOP_fQKs1FfXBXLya2WDEV2Mu_kYex--WaIU5Rsqn7cDx47MjOtnmjIK6TTPDy23L5G0xI/s707/profile_download_option_burpsuite_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="707"
data-original-width="635"
height="400"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJSdh8BBMu-q85bl3tKdfh5tkcu0CiBWOLdnvF5AqMfxqcKLHUB2c5ZvTpC64alOJp2TmmU4xIqrXQ6dQTzw-gZ45aZu_wj7NbgPpZb5ENB7Y1OUlptR5NvqOP_fQKs1FfXBXLya2WDEV2Mu_kYex--WaIU5Rsqn7cDx47MjOtnmjIK6TTPDy23L5G0xI/w359-h400/profile_download_option_burpsuite_cyberwiki.PNG"
width="359"
/></a>
</div>
<div class="separator" style="clear: both; text-align: left;">
<ul style="text-align: left;">
<li>On the <b>Install Profile</b>, select <b>Install</b>.</li>
</ul>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnwvL4bM1mA-iG_1aE1Du_csAruyh7jcHFjANSb7rs_NHqeOrnimxR5PbDAXhuYaGggxWVdXI8fSfMOzgiu1Qa6kWvShv45V5LFf0EJSFDXI6VbgQSyRi1f7ZtPHj4-rqpua4-S4UMDIKo-Dw2qUeiiEGxioHwedidBwt0au7vB8MeUpiXrnvMVDPTCDQ/s1083/install_ca_certifciate_burpsuite_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="825"
data-original-width="1083"
height="305"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnwvL4bM1mA-iG_1aE1Du_csAruyh7jcHFjANSb7rs_NHqeOrnimxR5PbDAXhuYaGggxWVdXI8fSfMOzgiu1Qa6kWvShv45V5LFf0EJSFDXI6VbgQSyRi1f7ZtPHj4-rqpua4-S4UMDIKo-Dw2qUeiiEGxioHwedidBwt0au7vB8MeUpiXrnvMVDPTCDQ/w400-h305/install_ca_certifciate_burpsuite_cyberwiki.PNG"
width="400"
/></a>
</div>
<div class="separator" style="clear: both; text-align: left;">
<ul style="text-align: left;">
<li>When the profile is installed, select <b>Done</b>. </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA45rDr6gCOay80pFpeoIhfRM58MWNZk0s0vq7E68k0aNvPZjlTC8F2aJh5Hq52hZu932jc2cua4f1-xP1RPVKrjeEC9KbHzj251YpxATCVvhXwLrd_d8rr5fCfpVcCqiOS_uJbIL2qFOUhMsnToF_GzJv5UI6J_6A_tge0qhyLfP1IxbH9ZO_H4a1ej4/s1081/installed_certi_burpsuite_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="665"
data-original-width="1081"
height="246"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA45rDr6gCOay80pFpeoIhfRM58MWNZk0s0vq7E68k0aNvPZjlTC8F2aJh5Hq52hZu932jc2cua4f1-xP1RPVKrjeEC9KbHzj251YpxATCVvhXwLrd_d8rr5fCfpVcCqiOS_uJbIL2qFOUhMsnToF_GzJv5UI6J_6A_tge0qhyLfP1IxbH9ZO_H4a1ej4/w400-h246/installed_certi_burpsuite_cyberwiki.PNG"
width="400"
/></a>
</div>
<div>
<ul style="text-align: left;">
<li>
Go to
<b>Settings > General > About > Certificate Trust Settings</b
>.
</li>
<li>
Activate the toggle switch for <i>PortSwigger CA</i>. Without this step
iOS keeps the profile but does not trust the CA for TLS connections.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJevIFqTiaOApBoIbhrE4onLOyu2F3AtKcucfAIUtH8zbN6SHYAwxDWguIi4jvrdH8c42uRIN77s8JtxqI7JFfz9WrR3Lx6TvJtk5RnO4zyblthJ1RaOpdI7hJelDZ8pQljz2PRQudQCOPESqXX2RJiScuna9Lr342kEwAaxi92q6cIf1wdSZrUzqcwHM/s893/toggle_certificate_burpsuite_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="648"
data-original-width="893"
height="290"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJevIFqTiaOApBoIbhrE4onLOyu2F3AtKcucfAIUtH8zbN6SHYAwxDWguIi4jvrdH8c42uRIN77s8JtxqI7JFfz9WrR3Lx6TvJtk5RnO4zyblthJ1RaOpdI7hJelDZ8pQljz2PRQudQCOPESqXX2RJiScuna9Lr342kEwAaxi92q6cIf1wdSZrUzqcwHM/w400-h290/toggle_certificate_burpsuite_cyberwiki.PNG"
width="400"
/></a>
</div>
<br />
<div>To install the certificate on your <b>Android device</b>:</div>
</div>
</div>
<div>
<ul style="text-align: left;">
<li style="text-align: justify;">
This step is more involved and varies across devices and Android versions.
</li>
<li style="text-align: justify;">
In addition, you need to make further configuration changes in order to
proxy HTTPS traffic from a Chrome browser at version 99 or above.
</li>
<li style="text-align: justify;">
Note that a certificate installed through the Settings app lands in the
<b>user</b> trust store, not the <b>system</b> store. Since Android 7
(Nougat), apps trust only the system store by default, so a user-installed
CA lets you intercept browser traffic but not the traffic of most apps.
To intercept app traffic, either the CA has to be placed in the system
store (which requires a rooted device or emulator) or the app has to ship
a network security configuration that trusts user certificates. If your
device lets you install the certificate as root, the steps below are not
needed.
</li>
<li style="text-align: justify;">
For further information on how to perform these steps, you can refer to
the following external links. Please note that we're not responsible for
the content of these pages:
</li>
<ul>
<li>
<a
href="https://blog.ropnop.com/configuring-burp-suite-with-android-nougat"
target="_blank"
>Installing a CA certificate on your Android device.</a
>
</li>
<li>
<a
href="https://httptoolkit.com/blog/chrome-android-certificate-transparency/"
target="_blank"
>Configuration for a Chrome browser at version 99 or above.</a
>
</li>
</ul>
</ul>
<div class="alert-message warning">
<i class="fa fa-exclamation-triangle"></i> On some Android emulators, you
will need to add the proxy details from the emulator settings menu rather
than the native Network/Wi-Fi settings on the emulated device.
</div>
</div>
</div>
<div>
<b><i>You might be interested in,</i></b>
</div>
<div>
<ul>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-burpsuite-and.html"
>Introduction and Installation of BurpSuite</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/configure-burpsuite-proxy-for-web.html"
>Configure BurpSuite Proxy for Web Application</a
>
</li>
<li>Fuzzing via BurpSuite</li>
</ul>
<div>
We hope this helps. If you have any suggestions or doubts, you can add a
comment and we will reply as soon as possible.
</div>
</div>
Author: Unknown (noreply@blogger.com) | comments: 0
tag:blogger.com,1999:blog-2489946807776968301.post-6005595970548470143
Published: 2023-07-18T17:10:00.006+05:30 | Updated: 2023-07-18T18:25:18.913+05:30
<h2>Footprinting through Web Services - Part 2</h2>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDVl6ac-dC6Q9ECLiOgXgL7IGX5sqA89En9TpQRD_tewnUyxe3J0Z0sLO1G6Mq9UtMYWdt7M5NvypBO6vSKBwffkBPG4uuRwhxHtSvGwrAlQ6HbsOEVRGCE20ZRA7nMvE82yXKpSIZcVWkU8ET_HZwKeLyS2VCio1_69mYGt04N_9Qd4ND5vb0OcWt1LE/s1280/Footprinting%20through%20Web%20Services%20-%20Part%202%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDVl6ac-dC6Q9ECLiOgXgL7IGX5sqA89En9TpQRD_tewnUyxe3J0Z0sLO1G6Mq9UtMYWdt7M5NvypBO6vSKBwffkBPG4uuRwhxHtSvGwrAlQ6HbsOEVRGCE20ZRA7nMvE82yXKpSIZcVWkU8ET_HZwKeLyS2VCio1_69mYGt04N_9Qd4ND5vb0OcWt1LE/w640-h360/Footprinting%20through%20Web%20Services%20-%20Part%202%20Cover.jpg" width="640" /></a>
</div>
<p style="text-align: justify;">
In this section, we'll show you how to use web resources, including personal
search engines, social networking sites, financial services, third-party data
repositories, groups, forums, blogs, and more, to obtain publicly available
information about the target organisation. Using this information, an
attacker may build a hacking strategy to break into the target organization's
network and carry out advanced system attacks.
</p>
<p></p>
<p><br /></p>
<p style="text-align: justify;">
This topic is divided into two articles. Continue reading
<a href="https://www.cyberwiki.in/2023/07/footprinting-through-web-services-part-1.html">Part 1</a>.
</p>
<p style="text-align: justify;"><br /></p>
<h3 style="text-align: justify;">via People Search Services</h3>
<div style="text-align: justify;">
Websites that list public records can be used to research an individual. With
this search, one can get information on relatives and friends, properties,
companies, social networking profiles, addresses, contact information, date of
birth, images, videos, and more.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Social Networking sites such as Facebook, Twitter, LinkedIn, and Instagram
allow you to find people by name, keyword, company, school, friends,
colleagues, and the people living around them. These websites contain
information that users provide in their profiles. These sites are a great
platform for finding people and their related information as the sites allow
people to share information in real-time. It is simple and
anonymous to look for people on social networking sites because many of them
enable visitors to do so without creating an account.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Through people searching, an attacker can gather critical information that
will help them in performing social engineering or other kinds of
attacks.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">via Job Sites</h3>
<div style="text-align: justify;">
On the job posting page of many organisations' websites, recruiting data is
made available, which in turn reveals hardware and software information,
network-related information, and technologies used by the business (such as
firewall, internal server types, operating system details, network appliances,
database schema, etc.).
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Additionally, hackers have access to employee resumes that have been uploaded
on job sites and can pull out details like employment history. This may
disclose technical data about the target organisation. Technical
information can be gathered from job sites such as Dice, LinkedIn,
Monster.com, naukri.com, and Simply Hired to detect underlying vulnerabilities
in the target IT infrastructure.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">via Business Profile Sites</h3>
<div style="text-align: justify;">
A crucial element in the information-gathering process is finding helpful
information on corporate websites. Attackers can acquire vital details about
the target companies, like their location, phone numbers, email addresses,
personnel databases, department names, service offerings, and industry, by
using business profile websites like opencorporates, corporationwiki, and
Crunchbase.
</div>
<div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">via Groups, Forums, and Blogs</h3>
<div style="text-align: justify;">
Attackers frequently concentrate their search for information on groups,
forums, and blogs to learn more about a target organisation and its members.
Organisations frequently overlook the exchange of information that employees
reveal to other users via such platforms. Attackers take advantage of
this and gather sensitive data about the target, including details about its
public network, its system, and the personal information of its employees
such as:
</div>
<div style="text-align: justify;">
<ul>
<li>Full Name, Place of Work and Residence.</li>
<li>
Personal and Organizational mobile numbers and email addresses.
</li>
<li>
Pictures of the employee's residence or work location that include
identifiable information.
</li>
<li>Pictures of employee awards and rewards or upcoming goals. </li>
</ul>
<div><br /></div><div><br /></div>
<h3>via NNTP Usenet Newsgroups</h3>
<div>
A Usenet newsgroup is a repository containing a collection of notes or
messages on various subjects and topics that are posted by users in
different locations using the Internet. Many professionals use
newsgroups to resolve their technical issues by posting questions on
Usenet. To obtain solutions for these issues, they sometimes post more
detailed information about the target than needed. Attackers can get
useful information on the operating systems, software, web servers, etc. by
searching Usenet newsgroups such as Stackoverflow or mailing lists like
Newshosting, Eweka, and Supernews.
</div>
<div><br /></div><div><br /></div>
<h3>via Deep and Dark Web </h3>
<div>
To learn about the Surface, Deep, and Dark Web,
<a href="https://www.cyberwiki.in/2022/05/layers-of-web-surface-deep-and-dark.html">click here</a>.
</div>
<div><br /></div>
<div>
Attackers can gather private information about the target, including credit
card information, passport information, identification card information,
medical records, social media accounts, and the Aadhaar card number, using
deep and dark web searching tools like Tor Browser, ExoneraTor, and
OnionLand Search Engine.
</div>
<div><br /></div>
</div>
<div><br /></div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul>
<li>
<a href="https://www.cyberwiki.in/2023/07/footprinting-through-web-services-part-1.html">Footprinting through Web Services - Part 1</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html">Introduction to Footprinting - First Step to Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html">Information Obtained in Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html">Objective and Threats of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html">Countermeasures of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html">Footprinting - First Step on Hacking (Summary) with Tools</a>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts, you can add a
comment and we will reply as soon as possible.
</div>
</div>
Author: Unknown (noreply@blogger.com) | comments: 0
tag:blogger.com,1999:blog-2489946807776968301.post-135562385008081107
Published: 2023-07-18T17:10:00.003+05:30 | Updated: 2023-07-18T17:10:44.978+05:30
<h2>Footprinting through Web Services - Part 1</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTDRDltDCJrevGKDMHmPfQ_akjXtMhXqTf5S9_OT1KmcIquf6hwtD3ljGSiLH5uuQjRXYYuoBBkXXZKJjVPc2S4itbqJ6qroyDq15XIcZPEIdQW_Y-j_b4wXLwFJQg25cS2YnPlj7GY95Hs1LxtpiD3Ck86-EIa-HUTLzykl2927wb4kbmw6ESx4Y27I0/s1280/Footprinting%20through%20Web%20Services%20-%20Part%201%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTDRDltDCJrevGKDMHmPfQ_akjXtMhXqTf5S9_OT1KmcIquf6hwtD3ljGSiLH5uuQjRXYYuoBBkXXZKJjVPc2S4itbqJ6qroyDq15XIcZPEIdQW_Y-j_b4wXLwFJQg25cS2YnPlj7GY95Hs1LxtpiD3Ck86-EIa-HUTLzykl2927wb4kbmw6ESx4Y27I0/w640-h360/Footprinting%20through%20Web%20Services%20-%20Part%201%20Cover.jpg" width="640" /></a>
</div>
<p style="text-align: justify;">
In this section, we'll show you how to use web resources, including personal
search engines, social networking sites, financial services, third-party data
repositories, groups, forums, blogs, and more, to obtain publicly available
information about the target organisation. Using this information, an
attacker may build a hacking strategy to break into the target organization's
network and carry out advanced system attacks.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
This topic is divided into two articles. Continue reading <a href="https://www.cyberwiki.in/2023/07/footprinting-through-web-services-part-2.html">Part 2</a>.
</p>
<p style="text-align: justify;"><br /></p>
<h3 style="text-align: justify;">
Finding the Company's Domains and Sub-domains
</h3>
<div style="text-align: justify;">
The websites of an organization often offer a wealth of important information
that is freely accessible to the public, including organisational histories,
services and products, and contact details. Sub-domains may provide further
insights into an organization; however, a sub-domain may be available to
only a few people, such as employees.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
In many organizations, sub-domains are created to test new technologies before
deploying them to the main server. These sub-domains may be insecure or
vulnerable. Identifying such sub-domains may reveal critical information such
as source code or essential documents from the web server. Most organizations
use standard formats for sub-domains, which a hacker who knows the external
URLs can easily discover. Tools like VirusTotal,
<a href="https://www.cyberwiki.in/2021/05/sublist3r-subdomains-enumerator.html">Sublist3r</a>, <a href="https://searchdns.netcraft.com/" target="_blank">Netcraft</a> or
a Google Dork (<i>site:hackhunt.in -inurl:www</i>) can be used to
find sub-domains.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">
Gathering Information from Financial Services
</h3>
<div style="text-align: justify;">
Financial services can provide a large amount of useful information, such as
the market value of a company's shares, company profile, competitor details,
stock exchange rates, corporate press releases, and financial reports, along
with news and blog articles about corporations. Services like Google
Finance, MSN Money, Yahoo Finance, and Investing.com can be used to gather
sensitive information. Additionally, an attacker can use various malicious
methods to gain access to private information.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Monitoring Targets Using Alerts</h3>
<div style="text-align: justify;">
Alerts are content-monitoring services that deliver automated, up-to-date
information based on user preferences. Tools such as
<a href="https://www.google.com/alerts" target="_blank">Google Alerts</a>,
Twitter Alerts, and Giga Alerts can help attackers keep watch on mentions
of the organization's name, member names, website, or any other significant
individuals or initiatives. Attackers can gather updated information
about the target periodically from the alert services and use it for further
attacks.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">Tracking Online Reputation of the Target</h3>
<div style="text-align: justify;">
Online Reputation Management (ORM) is the process of monitoring what is
displayed when someone searches for a company's reputation on the Internet.
ORM then takes measures to minimize negative search results or reviews.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
We can learn what people are saying about a company's brand in real time
through the web, social media, and news with the aid of online reputation
tracking tools. Organisations frequently aim to be more transparent
online in order to manage their internet reputation positively. An attacker
might be able to gather general information about the target company with the
help of this transparency. Tools like
<a href="https://mention.com/en/" target="_blank">Mention</a> can be used to
track online reputation. ORM tracking tools can be used by an attacker to:
</div>
<div style="text-align: justify;">
<ul>
<li>Track a company's online reputation</li>
<li>Collect a company's search engine ranking information</li>
<li>Obtain email notifications when a company is mentioned online</li>
<li>Track conversations</li>
<li>Obtain social news about the target organization. </li>
</ul>
<div><br /></div>
<h3>Finding the Geographical Location of the Target</h3>
<div>
Information such as the physical location of an organization plays a vital
role in the hacking process. In addition to the precise location, a
hacker can learn about nearby open Wi-Fi hotspots that could provide access
to the network of the target company. Attackers may use tools like
Google Earth, Google Maps, Yahoo Maps, and Wikimapia to locate building
entrances, security cameras, gates, hiding spots, weak points in perimeter
fences, and utility resources like electricity connections, traffic
conditions, driving directions, etc.
</div>
<div><br /></div>
<div>
Attackers who are aware of the location of a target organisation may use
social engineering, dumpster diving, spying, and other non-technical attacks
to learn more. Unauthorised access to buildings, wired and wireless
networks, and systems may be possible using this knowledge.
</div>
<div><br /></div>
<div>
<b><i>You might be interested in, </i></b>
</div>
<div>
<ul>
<li><a href="https://www.cyberwiki.in/2023/07/footprinting-through-web-services-part-2.html">Footprinting through Web Services - Part 2</a></li>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html">Phases of Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html">Introduction to Footprinting - First Step to Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html">Information Obtained in Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html">Objective and Threats of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html">Countermeasures of Footprinting</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html">Footprinting - First Step on Hacking (Summary) with Tools</a>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts, you can add a
comment and we will reply as soon as possible.
</div>
</div>
</div>
Author: Unknown (noreply@blogger.com) | comments: 0
tag:blogger.com,1999:blog-2489946807776968301.post-8951080838397991254
Published: 2023-05-19T22:43:00.003+05:30 | Updated: 2023-05-19T22:45:46.210+05:30
<h2>Google Dorks for VoIP, VPN, and FTP</h2>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8ikjEBCGSZnnK3FnWu6z4Nmpw3xoBGrz0M5OHrjX2Siz5QAvRViLfuaKUcaKV3S3z8an61EJdMaPgR6AU0j1zYLdRiLTAkgjoWR-HYTV7t-QLlD-ulcN9SQmbu9woq-Qdb5Ogj4HYdHmsqTliA9_JquH65bnDsK0cogt92nmcBa2HUem-mFdeydSB/s1280/Google%20Dorks%20for%20VoIP,%20VPN,%20and%20FTP%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8ikjEBCGSZnnK3FnWu6z4Nmpw3xoBGrz0M5OHrjX2Siz5QAvRViLfuaKUcaKV3S3z8an61EJdMaPgR6AU0j1zYLdRiLTAkgjoWR-HYTV7t-QLlD-ulcN9SQmbu9woq-Qdb5Ogj4HYdHmsqTliA9_JquH65bnDsK0cogt92nmcBa2HUem-mFdeydSB/w640-h360/Google%20Dorks%20for%20VoIP,%20VPN,%20and%20FTP%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<p>
<span style="text-align: justify;"
>Footprinting using advanced Google hacking techniques involves locating
specific strings of text within search results using advanced operators in
the Google search engine. Queries can retrieve valuable data about the
target company from Google search results using Google Dorks. </span
>
</p>
<p>
<span style="text-align: justify;"><br /></span>
</p>
<p>
<span style="text-align: justify;"
>You can use these Google dorks for footprinting VoIP, VPN and FTP networks.
The following tables summarize some of the Google Dorks. </span
>
</p>
<p>
<span style="text-align: justify;"><br /></span>
</p>
<h3 style="text-align: left;">VoIP Footprinting Dorks</h3>
<div class="post-table">
<table>
<thead>
<tr>
<th>Google Dork</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td data-label="Google Dork">
<b
>intitle:"Login Page" intext:"Phone Adapter Configuration
Utility"</b
>
</td>
<td data-label="Description">Pages containing login portals</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>inurl:/voice/advanced/ intitle:Linsys SPA configuration</b>
</td>
<td data-label="Description">
Finds the Linksys VoIP router configuration page
</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>intitle:"D-Link VoIP Router" "Welcome"</b>
</td>
<td data-label="Description">Pages containing D-Link login portals</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>intitle:asterisk.management.protal web-access</b>
</td>
<td data-label="Description">
Looks for the Asterisk management portal
</td>
</tr>
<tr>
<td data-label="Google Dork"><b>intitle:"SPA504G Configuration"</b></td>
<td data-label="Description">
Finds Cisco SPA504G Configuration Utility for IP phones
</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>intitle:"Sipura.SPA.Configuration" -.pdf</b>
</td>
<td data-label="Description">
Finds configuration pages for online VoIP devices
</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>inurl:8080 intitle:"login" intext:"UserLogin" "English"</b>
</td>
<td data-label="Description">VoIP login portals</td>
</tr>
</tbody>
</table>
</div>
<p style="text-align: left;"><br /></p>
<h3 style="text-align: left;">VPN Footprinting Dorks</h3>
<div class="post-table">
<table>
<thead>
<tr>
<th>Google Dork</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td data-label="Google Dork"><b>filetype:pcf "cisco" "GroupPwd"</b></td>
<td data-label="Description">
Cisco VPN files with Group Passwords for remote access
</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>"[main]" "enc_GroupPwd=" ext:txt</b>
</td>
<td data-label="Description">
Finds Cisco VPN client passwords (encrypted but easily cracked)
</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>"Config" intitle:"Index of" intext:"vpn"</b>
</td>
<td data-label="Description">Directory with keys of VPN server</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>!Host=*.* intext:enc_UserPassword=* ext:pcf</b>
</td>
<td data-label="Description">
Looks for profile configuration files (.pcf), which contain user VPN
profiles
</td>
</tr>
<tr>
<td data-label="Google Dork"><b>filetype:rcf inurl:vpn</b></td>
<td data-label="Description">
Finds Sonicwall Global VPN Client files containing sensitive
information and login
</td>
</tr>
<tr>
<td data-label="Google Dork"><b>filetype:pcf vpn OR Group</b></td>
<td data-label="Description">
Finds publicly accessible .pcf used by VPN clients
</td>
</tr>
<tr>
<td data-label="Google Dork"><b>inurl:"/remote/login/?lang=en"</b></td>
<td data-label="Description">
Finds FortiGate Firewall's SSL-VPN login portal
</td>
</tr>
<tr>
<td data-label="Google Dork"><b>vpnssl</b></td>
<td data-label="Description">
Retrieves login portals containing "vpnssl" for companies' access
</td>
</tr>
<tr>
<td data-label="Google Dork">
<b
>intitle:"SSL VPN Service" + intext:"Your system administrator
provided the following information to help understand and remedy the
security conditions:"</b
>
</td>
<td data-label="Description">Finds Cisco ASA login web pages</td>
</tr>
</tbody>
</table>
</div>
<p><br /></p>
<h3 style="text-align: left;">FTP Footprinting Dorks</h3>
<div class="post-table">
<table>
<thead>
<tr>
<th>Google Dork</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td data-label="Google Dork">
<b>inurl:github.com intext:.ftpconfig -issues</b>
</td>
<td data-label="Description">
Returns SFTP/FTP server credentials on GitHub
</td>
</tr>
<tr>
<td data-label="Google Dork"><b>type:mil inurl:ftp ext:pdf | ps</b></td>
<td data-label="Description">Returns sensitive directories on FTP</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>intext:pure-ftpd.conf intitle:index of</b>
</td>
<td data-label="Description">
Returns servers exposing pure-ftpd configuration files
</td>
</tr>
<tr>
<td data-label="Google Dork">
<b>intitle:"Index of" intext:sftp-config.json</b>
</td>
<td data-label="Description">
Extracts a list of FTP/SFTP passwords from Sublime Text
</td>
</tr>
<tr>
<td data-label="Google Dork"><b>inurl:"ftp://www." "Index of /"</b></td>
<td data-label="Description">Displays various online FTP servers</td>
</tr>
<tr>
<td data-label="Google Dork">
<b
>inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf |
sh) ~'/html'</b
>
</td>
<td data-label="Description">
Returns a list of FTP servers by IP address, mostly Windows NT servers
with guest login capabilities
</td>
</tr>
</tbody>
</table>
</div>
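<p style="text-align: justify;">
The dorks in the three tables above, like the <i>site:hackhunt.in -inurl:www</i> query used in Part 1 to find sub-domains, are search-engine filters: each one is a combination of title, URL, body-text, file-type and site constraints that an exposed page satisfies. The Python script below is an added example and is not part of the original article or of the Google Hacking Database. It parses a dork into its operators and runs it against a constructed, inline set of sample pages (the hostnames, paths, titles and file contents are made up for this example) so that a defender can check offline which of their own pages a given dork would surface. Only the operators used on this page (intitle, intext, inurl, filetype, ext, site and the leading "-" negation) are modelled; OR and parenthesised groups are treated as plain terms.
</p>

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Operators that appear in the dorks on this page; anything else is a plain term.
OPERATORS = {"intitle", "intext", "inurl", "filetype", "ext", "site"}

# One token: optional "-" negation, optional operator prefix, then either a
# quoted phrase or a bare word.
TOKEN_RE = re.compile(r'(-?)(?:(\w+):)?(?:"([^"]*)"|(\S+))')


@dataclass
class Page:
    """A minimal model of what a search engine indexes about one URL."""
    url: str
    title: str
    text: str


@dataclass
class Dork:
    positive: list  # (operator or None, term) pairs that must all match
    negative: list  # (operator or None, term) pairs that must not match


def parse_dork(query: str) -> Dork:
    """Split a Google dork into its positive and negated constraints."""
    dork = Dork([], [])
    for neg, op, quoted, bare in TOKEN_RE.findall(query):
        term = quoted or bare
        op = op.lower()
        if op and op not in OPERATORS:      # e.g. "foo:bar" is just a word
            term, op = f"{op}:{term}", ""
        if not op and not re.search(r"[a-z0-9]", term.lower()):
            continue                        # "+" or "|" carry no constraint
        (dork.negative if neg else dork.positive).append((op or None, term))
    return dork


def words(s: str) -> str:
    """Normalise text the way a search engine tokenises it: lower-case words
    separated by single spaces, padded so substring checks match whole words."""
    return " " + " ".join(re.findall(r"[a-z0-9]+", s.lower())) + " "


def extension(url: str) -> str:
    """File extension of the URL path, or "" for directory-style URLs."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def term_matches(op, term: str, page: Page) -> bool:
    if op in ("filetype", "ext"):
        return extension(page.url) == term.lower().lstrip(".")
    if op == "site":
        host = (urlparse(page.url).hostname or "").lower()
        return host == term.lower() or host.endswith("." + term.lower())
    if op == "inurl":
        return term.lower() in page.url.lower()
    if op == "intitle":
        return words(term) in words(page.title)
    if op == "intext":
        return words(term) in words(page.text)
    # A plain term may appear in any indexed field.
    return any(words(term) in words(f) for f in (page.title, page.text, page.url))


def matches(dork: Dork, page: Page) -> bool:
    return all(term_matches(op, t, page) for op, t in dork.positive) and not any(
        term_matches(op, t, page) for op, t in dork.negative)


def audit(dorks, pages):
    """Map each dork to the URLs in `pages` that it would surface."""
    return {q: [p.url for p in pages if matches(parse_dork(q), p)] for q in dorks}


# Constructed sample pages (made up for this example, not real hosts).
SAMPLE_PAGES = [
    Page("https://files.example.com/backup/", "Index of /backup",
         "sftp-config.json  deploy.sh  notes.txt"),
    Page("https://intranet.example.com/vpn/corp.pcf", "corp.pcf",
         "[main]\nHost=vpn.example.com\nGroupName=cisco\nenc_GroupPwd=0123abcd"),
    Page("https://www.example.com/about.html", "About Example Corp",
         "Example Corp builds widgets."),
    Page("https://dev.hackhunt.in/", "Staging portal", "internal staging environment"),
    Page("https://www.hackhunt.in/", "Hack Hunt", "home page"),
]

# Dorks taken from this article.
PAGE_DORKS = [
    'intitle:"Index of" intext:sftp-config.json',
    'filetype:pcf "cisco" "GroupPwd"',
    '"[main]" "enc_GroupPwd=" ext:txt',
    "site:hackhunt.in -inurl:www",
]

if __name__ == "__main__":
    for query, urls in audit(PAGE_DORKS, SAMPLE_PAGES).items():
        print(f"{query!r} -> {urls or 'no exposure found'}")
```

<p style="text-align: justify;">
Replace SAMPLE_PAGES with an export of your own site's indexed pages (URL, title, body text) to use it as a self-check. A non-empty hit list for a credential-related dork, such as the sftp-config.json or .pcf entries above, is a finding to remediate (remove the file, disable directory listing, restrict the host) before a search engine indexes it, and the sub-domain dork shows which non-www hosts are publicly reachable under the organisation's domain.
</p>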
<p><br /></p>
<div>
<b><i>You might be interested in,</i></b>
</div>
<div>
<ul>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/footprinting-through-search-engines.html"
>Footprinting through Search Engines</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2020/12/introduction-to-google-dorking.html"
>Introduction to Google Dorking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/google-hacking-and-its-database-ghdb.html"
>Google Hacking and its Database (GHDB)</a
>
</li>
</ul>
</div>
<div>
We hope this helps. If you have any suggestions or doubts, you can add a comment
and we will reply as soon as possible.
</div>
Author: Unknown (noreply@blogger.com) | comments: 0
tag:blogger.com,1999:blog-2489946807776968301.post-3942424274854686137
Published: 2023-05-19T17:48:00.002+05:30 | Updated: 2023-05-19T22:44:16.592+05:30
<h2>Google Hacking and its Database (GHDB)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL38q6QDkJcavMEykq8XNWmlu9dToKK54yUR8hpx8zjpkFR2awCEGrJemMMfcHDbHyG8YFlECs3rfokv0vjC4xSeF--VFauegJlXGeGNCl_ayb1FXvOn_ha-qK1angWVl0E0IjLjnLDTm7QuGP1RbjCWgZ3OBRVXx46qbRggaFRwY-xmibFHDfs5gL/s1280/Google%20Hacking%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL38q6QDkJcavMEykq8XNWmlu9dToKK54yUR8hpx8zjpkFR2awCEGrJemMMfcHDbHyG8YFlECs3rfokv0vjC4xSeF--VFauegJlXGeGNCl_ayb1FXvOn_ha-qK1angWVl0E0IjLjnLDTm7QuGP1RbjCWgZ3OBRVXx46qbRggaFRwY-xmibFHDfs5gL/w640-h360/Google%20Hacking%20Cover.jpg" width="640" /></a>
</div>
<br />
<p style="text-align: justify;">
Attackers call the practice of crafting complex search engine queries "Google
Hacking." Footprinting using advanced Google hacking techniques involves
locating specific strings of text within search results using advanced
operators in the Google search engine. Attackers can use the database of
searches known as the
<a href="https://www.exploit-db.com/" target="_blank">Google Hacking Database (GHDB)</a>
to find sensitive information.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
The attacker can not only detect websites and web servers that are vulnerable
to exploitation but also locate private, sensitive information about others,
such as credit card numbers, social security numbers, passwords, and so on.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
The
<a href="https://www.exploit-db.com/" target="_blank">Google Hacking Database (GHDB)</a>
is an authoritative source for querying the ever-widening scope of the Google
Search Engine. Google Hacking Database Categories are as follows:
</p>
<p style="text-align: justify;"></p>
<ul>
<li>Footholds</li>
<li>Files Containing Usernames</li>
<li>Sensitive Directories</li>
<li>Web Server Detection</li>
<li>Vulnerable Files</li>
<li>Vulnerable Servers</li>
<li>Error Messages</li>
<li>Files Containing Juicy Info</li>
<li>Files Containing Passwords</li>
<li>Sensitive Online Shopping Info</li>
<li>Network or Vulnerability Data</li>
<li>Pages Containing Login Portals</li>
<li>Various Online Devices</li>
<li>Advisories and Vulnerabilities</li>
</ul>
<div><br /></div>
<div>
Examples of sensitive information on public servers that can be extracted by
an attacker with the help of GHDB queries include:
</div>
<div>
<ul>
<li>Error messages that contain sensitive information</li>
<li>Files containing passwords</li>
<li>Sensitive directories</li>
<li>Pages containing login portals</li>
<li>
Pages containing network or vulnerability data, such as IDS, firewall
logs, and configurations.
</li>
<li>Advisories and server vulnerabilities</li>
<li>Software version information</li>
<li>Web application source code</li>
<li>Connected IoT devices and their control panels, if unprotected</li>
<li>Hidden web pages such as intranet and VPN services</li>
</ul>
<div><br /></div>
<div>
<b><i>You might be interested in,</i></b>
</div>
<div>
<ul>
<li>
<a href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html">Introduction to Footprinting - First Step to Hacking</a>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/footprinting-through-search-engines.html">Footprinting through Search Engines</a>
</li><li><a href="https://www.cyberwiki.in/2020/12/introduction-to-google-dorking.html">Introduction to Google Dorking</a></li>
<li><a href="https://www.cyberwiki.in/2023/05/google-dorks-for-voip-vpn-and-ftp.html">Google Dorks for VoIP, VPN and FTP</a></li>
</ul>
</div>
<div>
We hope this helps. If you have any suggestions or doubts, you can add a
comment and we will reply as soon as possible.
</div>
</div>
Author: Unknown (noreply@blogger.com) | comments: 0
tag:blogger.com,1999:blog-2489946807776968301.post-9061829019046343570
Published: 2023-05-18T12:31:00.005+05:30 | Updated: 2023-05-18T12:33:05.542+05:30
<h2>Footprinting through Search Engines</h2>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTZHBw5J_n_rF8rAKed27YmVHDyJfjC9gcoijVA-onPn2hDzTC_JhZrJZnVXPPIPEKtObG_4OmWHjiIpq-q3K7brTGp2ZfRXuXrlJK7q828eQ5zZ4n9mJUbMqygcVYTg8u8EUI2jgEdMfqRO6SZNgipqt9CmmLAYggWTpn_vE6hYGRhWVXxi3k_VE-/s1280/Footprinting%20through%20Search%20Engines%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTZHBw5J_n_rF8rAKed27YmVHDyJfjC9gcoijVA-onPn2hDzTC_JhZrJZnVXPPIPEKtObG_4OmWHjiIpq-q3K7brTGp2ZfRXuXrlJK7q828eQ5zZ4n9mJUbMqygcVYTg8u8EUI2jgEdMfqRO6SZNgipqt9CmmLAYggWTpn_vE6hYGRhWVXxi3k_VE-/w640-h360/Footprinting%20through%20Search%20Engines%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<p style="text-align: justify;">
Search engines play a significant role in extracting critical details about a
target from the Internet. Several search engines have the ability to focus on
organisational data, including technology systems, personnel profiles, login
pages, intranet portals, contact information, and so forth. This information
helps the attacker perform social engineering and other advanced system
attacks.
</p>
<p style="text-align: justify;"><br /></p>
<p style="text-align: justify;">
Let's first examine the inner workings of search engines. Crawlers, a type of
automated software used by search engines, are used to continuously scan live
websites and add the results to the search engine index, which is then saved
in a vast database. A list of Search Engine Results Pages (SERPs) is returned
when a user queries the search engine index. These outcomes include web pages,
videos, photos, and numerous other file types sorted and presented based on
relevancy.
</p>
<div><br /></div>
<div style="text-align: justify;">
Examples of major search engines include Google, DuckDuckGo, Bing, Yahoo, Ask,
Baidu, WolframAlpha, and StartPage. Attackers can find, filter, and sort
specific information on the target using the advanced search operators offered
by these search engines to create complex searches. Google Dorks are one
example of such queries.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
There are various ways and techniques to gather information using search
engines, from which a few are mentioned below:
</div>
<div style="text-align: justify;">
<ul>
<li>
<a href="#footprint_google_search"
>Google Advanced Search and Advanced Image Search</a
>
</li>
<li>
<a href="#footprint_reverse_image_search_engine"
>Reverse Image Search Engines</a
>
</li>
<li>
<a href="#footprint_google_video_search_engines">Video Search Engines</a>
</li>
<li><a href="#footprint_meta_search_engines">Meta Search Engines</a></li>
<li>
<a href="#footprint_iot_search_engines">IoT Search Engines</a>
</li>
<li><a href="#footprint_ftp_search_engines">FTP Search Engines</a></li>
</ul>
<div><br /></div>
<h3 id="footprint_google_search" style="text-align: center;">
GOOGLE SEARCH
</h3>
<div>
<div>
One can conduct a more thorough, sophisticated and accurate web search
with the help of Google Advanced Search and Advanced Image Search. Without
having to type or remember the sophisticated operators (Google Dorks), you
can utilise these search features to obtain the same level of
precision.
</div>
</div>
<div><br /></div>
<h4>Google Advanced Search</h4>
<div><div>To carry out an Advanced Google Search:</div></div>
<div>
<ul>
<li>
Click on <b>Settings </b>at the bottom-right of the
<b>Google Homepage</b>.
</li>
<li>Choose <b>Advanced Search</b> from the menu.</li>
<li>
Or, you can directly go to <a
href="https://www.google.com/advanced_search"
target="_blank"
>https://www.google.com/advanced_search</a
>.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbD1szpsvAY9mgYI6iMuxaBxmUK5UtgoFPCIxNAX4u4BcSwRhf5oMM5ebdeJezkcUoy-Li9Kpr4LtlKhiis5LINX16L6KJvxxox-nAKG5oH02zIQ_Voj6CIJuL2q8hAzSqRQVyBHChCcFXy8BPKdxXwMQzvnd_0avhIXDqyfSe506rXxis8QagizCW/s1195/google%20advance%20search%20cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="883"
data-original-width="1195"
height="472"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbD1szpsvAY9mgYI6iMuxaBxmUK5UtgoFPCIxNAX4u4BcSwRhf5oMM5ebdeJezkcUoy-Li9Kpr4LtlKhiis5LINX16L6KJvxxox-nAKG5oH02zIQ_Voj6CIJuL2q8hAzSqRQVyBHChCcFXy8BPKdxXwMQzvnd_0avhIXDqyfSe506rXxis8QagizCW/w640-h472/google%20advance%20search%20cyberwiki.PNG"
width="640"
/></a>
</div>
<h4>Google Advanced Image Search</h4>
<div>
To carry out an Advanced Google Image Search, go to <a
href="https://www.google.com/advanced_image_search"
target="_blank"
>https://www.google.com/advanced_image_search</a
>.
</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUzLFccrOjceObWPooovLuv0OphbwMcWiPuNI98kiEO6T-M0TG9_RIr8gGXm6w_6j4DjcFg2DVpiHjt0LouepbIgFwCx7aG1ttziAeRPSJF7G7yeUFh4b2TeXZ2Yea6dc3hJKNaW73EjI5PEJDE90x-q8N4t8piffSvS4z3AD7a9E4BGtgZmCqATWx/s1195/google%20advance%20image%20search%20cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="892"
data-original-width="1195"
height="478"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUzLFccrOjceObWPooovLuv0OphbwMcWiPuNI98kiEO6T-M0TG9_RIr8gGXm6w_6j4DjcFg2DVpiHjt0LouepbIgFwCx7aG1ttziAeRPSJF7G7yeUFh4b2TeXZ2Yea6dc3hJKNaW73EjI5PEJDE90x-q8N4t8piffSvS4z3AD7a9E4BGtgZmCqATWx/w640-h478/google%20advance%20image%20search%20cyberwiki.PNG"
width="640"
/></a>
</div>
<br />
</div>
<h3 id="footprint_reverse_image_search_engine" style="text-align: center;">
REVERSE IMAGE SEARCH ENGINES
</h3>
</div>
<div>
With reverse image search you can use an image as the search query. The
search engine checks its index and lists every online location of the image
on the results page. The results can help you trace the origin and details
of images, including photos, profile pictures, and memes. Attackers can use
tools such as:
</div>
<div>
<ul>
<li>
<a href="https://www.google.com/imghp" target="_blank"
>Google Reverse Image Search</a
>
</li>
<li>TinEye Reverse Image Search</li>
<li>Yahoo Image Search</li>
<li>Bing Image Search</li>
</ul>
<div><br /></div>
</div>
<h3 id="footprint_google_video_search_engines" style="text-align: center;">
VIDEO SEARCH ENGINES
</h3>
<div>
<div>
Video search engines are Internet-based search engines that search the web
for video content. Video content found this way has significant value for
footprinting, since it may reveal more about the target. Engines like
<b
>YouTube,
<a href="https://www.google.com/videohp" target="_blank"
>Google Videos</a
>, Yahoo Videos, </b
>and <b>Bing Videos</b> can help an attacker search for video-based
content.
</div>
<div><br /></div>
<div>
<div>
After watching the video, an attacker can go on to examine the video's
content for hidden details such as the time/date and the video's
thumbnail. Using video analysis programmes like <b>YouTube DataViewer</b>,
<b>EXGif</b>, and <b>VideoReverser.com</b>, an attacker can convert a video
into text and other formats and extract crucial information about the
target.
</div>
</div>
</div>
<div><br /></div>
<h3 id="footprint_meta_search_engines" style="text-align: center;">
META SEARCH ENGINES
</h3>
<div>
Meta search engines are a different kind of search engine. To produce their
own results, they send each query on to other search engines (such as
Google, Bing, Ask.com, etc.). Additionally, meta search engines filter out
duplicate results, so the same result is not shown twice.
</div>
<div><br /></div>
<div>
<div>
Attackers can obtain a great deal of detailed information by querying many
search engines at once through meta search engines like
<b>Startpage, MetaGer, </b>and <b>eTools.ch</b>. By masking the user's IP
address from the underlying search engines, meta search engines also give
their users anonymity.
</div>
</div>
<div><br /></div>
<h3 id="footprint_iot_search_engines" style="text-align: center;">
IoT SEARCH ENGINES
</h3>
<div>
By running a simple search on an IoT search engine, an attacker can find and
take control of CCTV cameras, traffic control systems, Internet-connected
home appliances, Supervisory Control and Data Acquisition (SCADA) systems,
industrial equipment, etc. IoT search engines like <b>Censys, Shodan, </b>and
<b>Thingful</b> make it easier for attackers to gather target information.
Many such devices either use easily exploitable default credentials or run
without any password at all. Using details like the IP address, location,
hostname, and open ports, the attacker can access these IoT devices and
carry out further attacks.
</div>
<div><br /></div>
<h3 id="footprint_ftp_search_engines" style="text-align: center;">
FTP SEARCH ENGINES
</h3>
<div>
<div>
FTP servers are widely used by businesses, industries, and academic
institutions to store large file archives and other software shared among
their staff. Many of these servers are reachable directly through a web
browser and are unprotected. Attackers can look for crucial files and
directories containing important data using FTP search engines such as
<b>NAPALM FTP Indexer, Global FTP Search Engine, </b>and
<b>FreewareWeb FTP File Search</b>.
</div>
</div>
</div>
<div class="alert-message alert" style="text-align: justify;">
<i class="fa fa-info-circle"></i> As an ethical hacker, you can ask the search
engine to remove any already-deleted pages or information about your business
that you discover in the SERPs or in the search engine cache.
</div>
<p style="text-align: justify;">
<b><i>You might also be interested in,</i></b>
</p>
<p style="text-align: justify;"></p>
<ul>
<li>
<a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html"
>Phases of Hacking</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html"
>Introduction to Footprinting - First Step to Hacking</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html"
>Information Obtained in Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html"
>Objective and Threats of Footprinting</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/05/countermeasures-of-footprinting.html"
>Countermeasures of Footprinting</a
>
</li>
<li>
<a href="https://www.cyberwiki.in/2020/09/footprinting.html"
>Footprinting - First Step on Hacking (Summary) with Tools</a
>
</li>
</ul>
<div><br /></div>
<div>
We hope this helps. If you have any suggestions or doubts, add a comment and
we will reply as soon as possible.
</div>
<div><b>Configure BurpSuite Proxy for Web Application</b> (published 2023-05-14, updated 2023-07-20)</div>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip1IaCtvDs1rCaxKbXk7Hbs-WHuhcxXLxbNtYbAsSnEcfxEf909O0XzSkDAKwwWzes4WG-J6v237Hasx90eHw0m3N_0rM7gVljPsBBoxP_sM0Mlj4bw_ViM8RriCtfNwYxaleLQSLU8eB4wyfAoHPySfIRoiFFA4P_6XyMPclKVPkIUwLcbAwoO0_E/s1280/Configure%20Burpsuite%20Proxy%20for%20Web%20Application%20Cover.jpg"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="720"
data-original-width="1280"
height="360"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip1IaCtvDs1rCaxKbXk7Hbs-WHuhcxXLxbNtYbAsSnEcfxEf909O0XzSkDAKwwWzes4WG-J6v237Hasx90eHw0m3N_0rM7gVljPsBBoxP_sM0Mlj4bw_ViM8RriCtfNwYxaleLQSLU8eB4wyfAoHPySfIRoiFFA4P_6XyMPclKVPkIUwLcbAwoO0_E/w640-h360/Configure%20Burpsuite%20Proxy%20for%20Web%20Application%20Cover.jpg"
width="640"
/></a>
</div>
<br />
<div style="text-align: justify;">
Burp Suite is a graphical tool and integrated platform for performing
application security testing. Its numerous tools work in unison to assist the
entire testing process, from mapping and analyzing an application's attack
surface to detecting and exploiting security vulnerabilities.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
In our previous blog we ended up on the <b>Dashboard </b>and used
BurpSuite's Chromium browser. Now let's set up the proxy so Burp can intercept
and capture the browser's requests. Go to the <b>Proxy </b>tab and then to the
<b>Options </b>tab. There, you'll find the IP address
<b>127.0.0.1</b> and port <b>8080</b>, which are the default configuration. If
you can't find one, click the <b>Add</b> button and set one up.
</div>
<div style="text-align: justify;"><br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6OEhs-2d_LiHEQbgOfvw4tbu76tG3Q8qJqvcpJUG1T2q1SiE5QRh6pcuBsC4UjHMks2wiThl3hD54MziVC1Eg2u3DkyXeabU_C4MZRE4GqcOxwcpxAYKPeRY6aP0QDTekUwvI5NajjAKe61en3SOKuv2hsvB0RyuuxJZFyaq7UZOyqgGEFO9R-yVc/s890/burpsuite_proxy_settings_cyber_wiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="366"
data-original-width="890"
height="264"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6OEhs-2d_LiHEQbgOfvw4tbu76tG3Q8qJqvcpJUG1T2q1SiE5QRh6pcuBsC4UjHMks2wiThl3hD54MziVC1Eg2u3DkyXeabU_C4MZRE4GqcOxwcpxAYKPeRY6aP0QDTekUwvI5NajjAKe61en3SOKuv2hsvB0RyuuxJZFyaq7UZOyqgGEFO9R-yVc/w640-h264/burpsuite_proxy_settings_cyber_wiki.PNG"
width="640"
/></a>
</div>
<br />
<div style="text-align: justify;">
Now that we know the IP address and port number BurpSuite listens on, we need
to configure the proxy in the browser.
</div>
<div style="text-align: justify;"><br /></div>
<h3 style="text-align: justify;">MANUAL CONFIGURATION</h3>
<div style="text-align: justify;">
<ul>
<li>
Go to <b>Options</b> from the top-right corner of your Firefox
browser.
</li>
<li>
Select <b>General</b> from the left side and scroll down to the bottom,
where you will find <b>Network Settings</b>; click on the <b
>Settings </b
>button.
</li>
<li>
Enable Manual Configuration, enter the <b>IP address</b> and
<b>Port number</b>, and check
<b>Also use this proxy for FTP and HTTPS</b>.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKMUzavP2Q46jazURiJ85Pt01XYz8ExfmaO9QgVljV34QQvdSffLRm-YnJdJVAIjqnejqVs61JHDepeXRB07AGU1qYMPpqERXBi1UCSpKFn7SWcXRUune1-1xND-ZRbH7eiDrIJZd-KrsUKpTYFuEAcu3sqO83u_VTmCij7_FhadGpmvudFMTq41Tv/s823/burpsuite_manual_proxy_setup_cyber_wiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="768"
data-original-width="823"
height="598"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKMUzavP2Q46jazURiJ85Pt01XYz8ExfmaO9QgVljV34QQvdSffLRm-YnJdJVAIjqnejqVs61JHDepeXRB07AGU1qYMPpqERXBi1UCSpKFn7SWcXRUune1-1xND-ZRbH7eiDrIJZd-KrsUKpTYFuEAcu3sqO83u_VTmCij7_FhadGpmvudFMTq41Tv/w640-h598/burpsuite_manual_proxy_setup_cyber_wiki.PNG"
width="640"
/></a>
</div>
<br />
<div>
Click <b>OK</b>, and the proxy is configured.
</div>
<div class="alert-message warning">
<i class="fa fa-exclamation-triangle"></i> The HTTP traffic is now
capturable, but not the HTTPS traffic. Burp would not be able to
intercept the HTTPS requests, even though we have also configured the
proxy for HTTPS. Therefore, we need to build trust between Burp, the
target web application, and the client's browser in order to intercept
HTTPS requests. To achieve this, we need to add the PortSwigger CA
certificate to the list of trusted authorities in the browser.
<a
href="https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate/ca-cert-firefox"
target="_blank"
>Click Here to Setup</a
>.
</div>
<h3>CONFIGURATION VIA FOXY PROXY</h3>
<div>
Manually setting up the proxy every time we want to capture packets is a
bit of extra work, and whenever Burp is not capturing requests the proxy
has to be disabled again in order to browse the internet normally.
</div>
<div>
<div><br /></div>
<div>
We will thus use one of the Firefox plugins,
<a
href="https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/"
target="_blank"
>FoxyProxy</a
>, because it makes switching the proxy simple. As a result, we will
always have the option to enable and disable the proxy from the website we
are currently browsing.
</div>
</div>
<div>
<ul>
<li>Add the FoxyProxy extension to your browser.</li>
<li>
Once installed, go to <b>Options</b> from the top-right corner.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi07lEkU2ecK9ecuraRRHJzTSOi8ykxxV2SmaKhISDro73AF3oeVRBsnpoJJmldHbwk3OLTjIHHnCHz9yoaqUzB3pCQkg0H-NTt0elsYr25Q_bt2vKhWdruHEdXZMAr_pQy34uuZ7SkzpzHBXcwEy1SSdCaNBK5KzCf82nbYGCFhWwE0raQD6mKnASx/s834/option_foxy_proxy_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="530"
data-original-width="834"
height="406"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi07lEkU2ecK9ecuraRRHJzTSOi8ykxxV2SmaKhISDro73AF3oeVRBsnpoJJmldHbwk3OLTjIHHnCHz9yoaqUzB3pCQkg0H-NTt0elsYr25Q_bt2vKhWdruHEdXZMAr_pQy34uuZ7SkzpzHBXcwEy1SSdCaNBK5KzCf82nbYGCFhWwE0raQD6mKnASx/w640-h406/option_foxy_proxy_cyberwiki.PNG"
width="640"
/></a>
</div>
<div>
<ul>
<li>Click on <b>Add</b>. </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnAgKj6ZpokP4_wZXklk8Z6JGEXFIouC1l3yEpjP93ql5dqdTa06VKA24XV9CHSmQ9st288NpgqyfL5WxwNuW9Tow-AuKk8jqu4sKyWcRGqkidIpXRiU80OyV3AB3SlZulslcmTh4otsCsnuxS07q4px00yGgOXjjDKv85Bj0_ie3s228rdf-hh6Uq/s835/click_add_foxyproxy_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="545"
data-original-width="835"
height="418"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnAgKj6ZpokP4_wZXklk8Z6JGEXFIouC1l3yEpjP93ql5dqdTa06VKA24XV9CHSmQ9st288NpgqyfL5WxwNuW9Tow-AuKk8jqu4sKyWcRGqkidIpXRiU80OyV3AB3SlZulslcmTh4otsCsnuxS07q4px00yGgOXjjDKv85Bj0_ie3s228rdf-hh6Uq/w640-h418/click_add_foxyproxy_cyberwiki.PNG"
width="640"
/></a>
</div>
<ul>
<li>
Fill in the details as before. Give the proxy configuration a name and
choose a colour. Make sure the Proxy Type is configured correctly,
including for HTTPS. Click on <b>Save</b>.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitTdVs9GefgLFFJ5xe48sIFh6sI1XfbH4XWEZwsjYCSiujo_MFO3hxltByu-f8f73oiq0HGZOQYwvzL7nwOsiT-cuLfzDa1seYPhIJQsVSveU5MIks2-Sbcv3KvL15cKLURS1GNVZbLEuo43em8vIFny1r5yhUVaeVu9o98JdAHLetmvRUAp6OWUqK/s833/add_proxy_foxyproxy_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="717"
data-original-width="833"
height="550"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitTdVs9GefgLFFJ5xe48sIFh6sI1XfbH4XWEZwsjYCSiujo_MFO3hxltByu-f8f73oiq0HGZOQYwvzL7nwOsiT-cuLfzDa1seYPhIJQsVSveU5MIks2-Sbcv3KvL15cKLURS1GNVZbLEuo43em8vIFny1r5yhUVaeVu9o98JdAHLetmvRUAp6OWUqK/w640-h550/add_proxy_foxyproxy_cyberwiki.PNG"
width="640"
/></a>
</div>
<div>
<ul>
<li>
The proxy can now be enabled and disabled directly from the web
application's home page. Switch on the Intercept option in Burp to
record the HTTP request for the web page, and enable FoxyProxy.
</li>
<li>
To enable it, click on the extension icon in the top-right corner and
click on the name of the proxy.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyHpSTqQFs3A-24JwhMKT1RH5ac3dvkDQ-_NZhDapNg_YdVIHbegkUK2ApMGNb7CRHmU6DWI0BJRzzsWkgu2OddI0w3rLUnlqj3BksQczUPpLfuloP-x60VI5KOZP5nphgIjB55Myt0SNp9pYKmC2cK8C4P4TjHeqmFlfHY7zZhXaNbTG08p60zIbW/s489/burp_proxy_cyberwiki.PNG"
style="margin-left: 1em; margin-right: 1em;"
><img
border="0"
data-original-height="291"
data-original-width="489"
height="380"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyHpSTqQFs3A-24JwhMKT1RH5ac3dvkDQ-_NZhDapNg_YdVIHbegkUK2ApMGNb7CRHmU6DWI0BJRzzsWkgu2OddI0w3rLUnlqj3BksQczUPpLfuloP-x60VI5KOZP5nphgIjB55Myt0SNp9pYKmC2cK8C4P4TjHeqmFlfHY7zZhXaNbTG08p60zIbW/w640-h380/burp_proxy_cyberwiki.PNG"
width="640"
/></a>
</div>
<br />
<div>
<ul>
<li>
Switch on Intercept in BurpSuite and you will be able to capture the
requests.
</li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div>
<b><i>You might be interested in,</i></b>
</div>
<div>
<ul>
<li>
<a
href="https://www.cyberwiki.in/2023/05/introduction-to-burpsuite-and.html"
>Introduction and Installation of BurpSuite</a
>
</li>
<li>
<a
href="https://www.cyberwiki.in/2023/07/configure-burpsuite-proxy-for-mobile.html"
>Configure BurpSuite Proxy for Mobile Application</a
>
</li>
<li>Fuzzing via BurpSuite</li>
</ul>
<div>
We hope this helps. If you have any suggestions or doubts, add a comment and
we will reply as soon as possible.
</div>
</div>
<div><b>Introduction to Burpsuite and Installation</b> (published 2023-05-12, updated 2023-07-20)</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5UTBouMxNwvuOmHepuX_ovoiQvVzNydPNWaA4oSFLloo1upmAWKVGOQkFmVeBsmbpYxqbMeU9sV0edWUekdd5m60Pk257kwB252dkKEbE8qLQVCl35JpqL9jXBm-mqRbVE5Cz9-kMX7RbCNOTtQyr5rLiSElScIAaCHvvLQPTzdpRWr-6__6-dlS-/s1280/Introduction%20to%20Burpsuite%20and%20Installation%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5UTBouMxNwvuOmHepuX_ovoiQvVzNydPNWaA4oSFLloo1upmAWKVGOQkFmVeBsmbpYxqbMeU9sV0edWUekdd5m60Pk257kwB252dkKEbE8qLQVCl35JpqL9jXBm-mqRbVE5Cz9-kMX7RbCNOTtQyr5rLiSElScIAaCHvvLQPTzdpRWr-6__6-dlS-/w640-h360/Introduction%20to%20Burpsuite%20and%20Installation%20Cover.jpg" width="640" /></a>
</div>
<br />
<div style="text-align: justify;">
Burp Suite is a graphical tool and integrated platform for performing
application security testing. Its numerous tools work in unison to assist the
full testing process, from mapping and analyzing an application's attack
surface to detecting and exploiting security vulnerabilities.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
Burp Suite has an intercepting proxy that acts as a man-in-the-middle between
the browser and the target web application's server. It captures HTTP
requests on the fly and lets the tester replay or modify each request before
delivering it to the target server.
</div>
<div style="text-align: justify;"><br /></div>
<div style="text-align: justify;">
<div>
Burp Suite comes in different versions, free (Community) and paid
(Professional). The <b>Professional Edition</b> has many more
features enabled, including active and passive scanning, saving projects,
use of the BApp Store, etc. All of its tools help to speed up and improve
testing. By increasing the number of threads, it even lets us use the
built-in payloads for fuzzing and brute-forcing considerably faster.
</div>
<div><br /></div>
<div>
Although the <b>Community Edition</b> has fewer features, it has everything
we require for manual penetration testing, whether that involves capturing,
crawling, or altering requests.
</div>
<div><br /></div>
<div><br /></div>
<h3>INSTALLATION</h3>
<div>
The first step is to go to the PortSwigger website and download the Burp Suite
version suitable for you. Link -
<a href="https://portswigger.net/burp/releases">https://portswigger.net/burp/releases</a>. You can choose the trial option for the Professional edition or the
Community edition to familiarise yourself with the software before buying.
For the sake of this example, we will be using the Professional edition.<b> Prior to using BurpSuite</b>, you need to install the latest version of
<a href="https://www.java.com/en/download/">Java</a>.
</div>
<div><br /></div>
<div>
Linux users can download either the <b>Linux </b>installer or the <b>JAR</b>.
Starting up BurpSuite on Windows is similar to other software. If you are
using a <b>JAR </b>file to start BurpSuite, you need to use the command line.
Command:
<i style="font-weight: bold;">java -jar &lt;file_location&gt;.jar</i>.
</div>
<div><br /></div>
<div>
Once you start BurpSuite, you will be prompted with the screen shown below.
Here you can see three options that are pretty self-explanatory. In the
Community edition, you can only select <b>Temporary Project </b>(this
means all the work you do in BurpSuite will no longer be available once
the software is closed).
</div>
<div><br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8zd98lhy_gajYJZffBjS4uc6zG15JlrUhPIzbQFNuyO1K382DIGOeQSjFMqspQOWWHK-fqUqh7nYm13B3xIkIHJz-IzLcy79EhB7O1Rw-XFOEOiZHZMu3yu6UA8IwA2W753EicPOJEwWtt1DVvLHOmj1H5N5B9Lgk-kG1VV96JO0m5ycI8hCsUc4k/s852/burpsuite_professional_create_project_cyber_wiki.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="534" data-original-width="852" height="402" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8zd98lhy_gajYJZffBjS4uc6zG15JlrUhPIzbQFNuyO1K382DIGOeQSjFMqspQOWWHK-fqUqh7nYm13B3xIkIHJz-IzLcy79EhB7O1Rw-XFOEOiZHZMu3yu6UA8IwA2W753EicPOJEwWtt1DVvLHOmj1H5N5B9Lgk-kG1VV96JO0m5ycI8hCsUc4k/w640-h402/burpsuite_professional_create_project_cyber_wiki.PNG" width="640" /></a>
</div>
<br />
<div>
<ul>
<li>
Once you select the project type and move on to the next screen, you will
be prompted to choose the configuration for BurpSuite. You can load a
configuration of your own or get one online from experts. For the time
being, select <b>Use Burp Default</b>.
</li>
</ul>
</div>
<div><br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkkqdZa7QPJ_dHf73ZYhvfsCm1wV-hFEuaEugUngVDNJLOTjyGsRmr__n1SoiYOMTALO50tq3Hv47SgO9pT2bkmbQCdzkTbFlfMzMn4mZDJd2tgmcjWcnuA3F3e22Is5sofpTcZqwgyq035m1HcDKCWwM9fXhpkwOVcUO0-IWeFCpTzwzieuo4ULt4/s849/burpsuite_professional_start_default_cyber_wiki.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="535" data-original-width="849" height="404" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkkqdZa7QPJ_dHf73ZYhvfsCm1wV-hFEuaEugUngVDNJLOTjyGsRmr__n1SoiYOMTALO50tq3Hv47SgO9pT2bkmbQCdzkTbFlfMzMn4mZDJd2tgmcjWcnuA3F3e22Is5sofpTcZqwgyq035m1HcDKCWwM9fXhpkwOVcUO0-IWeFCpTzwzieuo4ULt4/w640-h404/burpsuite_professional_start_default_cyber_wiki.PNG" width="640" /></a>
</div>
<div>
<ul>
<li>Click on <b>Start Burp</b>, and you will see the Dashboard.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc51PydFygfSFzgDDdD3GGFXHQatCPlxQZkQxGlPOYcfk5xrtIAZABSLTi3NF5-5Gn5RmuFp4DQygo8X-u33RT1GpPn7yluB_kHDJUDWkL_K9o09QtpAZMD2UE1lTdkNES3D6xvpu4zYI4WOouRadrDN3le-_VI3r_Q-mg3PnFTCrl46RWBfp9vkAy/s1277/burpsuite_professional_dashboard_cyber_wiki.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="913" data-original-width="1277" height="458" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc51PydFygfSFzgDDdD3GGFXHQatCPlxQZkQxGlPOYcfk5xrtIAZABSLTi3NF5-5Gn5RmuFp4DQygo8X-u33RT1GpPn7yluB_kHDJUDWkL_K9o09QtpAZMD2UE1lTdkNES3D6xvpu4zYI4WOouRadrDN3le-_VI3r_Q-mg3PnFTCrl46RWBfp9vkAy/w640-h458/burpsuite_professional_dashboard_cyber_wiki.PNG" width="640" /></a>
</div>
<div><br /></div>
<div>
<ul>
<li>
Go to <b>Proxy </b>&gt; <b>Intercept</b>. Switch it on and click on
<b>Open Browser </b>as shown below.
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMdvSiHFMhmAxzGkqwLvGZqk481PX5V05h0paH5lVB-wTfDtOA57CqQi1iMDX2DvNa-HS0tH3dSnBWywkI9Roy0F3PPxjZjshL0R2HQ8p66Zx65wFUoTAW1LYW5rCoQ2rIPf0BpDdaqvcb8eC_XRzOI7dVrNVU9CIhKQNDyewplImJHSePsueqIUXW/s633/burpsuite_intercept_on_cyber_wiki.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="195" data-original-width="633" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMdvSiHFMhmAxzGkqwLvGZqk481PX5V05h0paH5lVB-wTfDtOA57CqQi1iMDX2DvNa-HS0tH3dSnBWywkI9Roy0F3PPxjZjshL0R2HQ8p66Zx65wFUoTAW1LYW5rCoQ2rIPf0BpDdaqvcb8eC_XRzOI7dVrNVU9CIhKQNDyewplImJHSePsueqIUXW/w640-h198/burpsuite_intercept_on_cyber_wiki.PNG" width="640" /></a>
</div>
</div>
<div class="alert-message alert">
<i class="fa fa-info-circle"></i> You can now intercept requests and
manipulate the packets. However, we prefer to configure the proxy in
Firefox, where we have other extensions enabled as well. Check the links
below.
</div>
</div>
<div>
<b><i>You might be interested in,</i></b>
</div>
<div>
<ul>
<li><a href="https://www.cyberwiki.in/2023/05/configure-burpsuite-proxy-for-web.html" target="_blank">Configure BurpSuite Proxy for Web Application</a></li>
<li><a href="https://www.cyberwiki.in/2023/07/configure-burpsuite-proxy-for-mobile.html">Configure BurpSuite Proxy for Mobile Application</a></li>
<li>Fuzzing via BurpSuite</li>
</ul>
<div>
We hope this helps. If you have any suggestions or doubts, add a comment and
we will reply as soon as possible.
</div>
</div>
</div>
<div><b>Countermeasures of Footprinting</b> (published 2023-05-11)</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxch-Y1SzBS8ttZRGM9pBNp2_PuGqWoCmNIZFDJuFs32N1BcUTNmk4BJ4ABT8WEDRCBjtHgXZccOPMVxQJlFvpUVkLM5pFuBc6Bg1DKK297L5YyZPn3Tt-lcVjxx_NCB8qSeEXYGZoZJWbkvbjfGD3ttqQxcH0KqBrjRoXQK_drtMygUc3L89o46Fu/s1280/Countermeasures%20of%20Footprinting%20Cover.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxch-Y1SzBS8ttZRGM9pBNp2_PuGqWoCmNIZFDJuFs32N1BcUTNmk4BJ4ABT8WEDRCBjtHgXZccOPMVxQJlFvpUVkLM5pFuBc6Bg1DKK297L5YyZPn3Tt-lcVjxx_NCB8qSeEXYGZoZJWbkvbjfGD3ttqQxcH0KqBrjRoXQK_drtMygUc3L89o46Fu/w640-h360/Countermeasures%20of%20Footprinting%20Cover.jpg" width="640" /></a>
</div>
<br />
<div style="text-align: justify;">
Finding the level of risk connected with the organization's publicly available
information is a crucial component of footprinting. Footprinting, also known
as the preparatory phase, is the first step in ethical hacking. The
reconnaissance or footprinting part carries the most weight among the phases
of hacking, accounting for almost 50% or more of the effort, which makes it
the most crucial and vital phase.
</div>
<div><br /></div>
<div>
Methods, measures or actions taken to prevent information disclosure are as
follows:
</div>
<div style="text-align: justify;">
<ul>
<li>
Restrict the employees' access to social networking sites from the
organization's network.
</li>
<li>
Configure web servers to avoid information leakage.
</li>
<li>
Educate employees to use pseudonyms on blogs, groups, and forums.
</li>
<li>
Do not reveal critical information in press releases, annual reports,
product catalogs, etc.
</li>
<li>
Limit the amount of information that you are publishing on the
website/Internet.
</li>
<li>
Use footprinting techniques to discover and remove any sensitive
information publicly available.
</li>
<li>
Prevent search engines from caching a web page and use anonymous
registration services.
</li>
<li>
Develop and enforce security policies such as an information security
policy, password policy, etc., to regulate the information that employees
can reveal to third parties.
</li>
<li>Separate internal and external DNS or use split DNS, and restrict zone transfers to authorized servers.</li>
<li>Disable directory listings on the web servers.</li>
<li>Conduct security awareness training periodically to educate employees about various social engineering tricks and risks.</li>
<li>Opt for privacy services on the Whois lookup database.</li>
<li>Avoid domain-level cross-linking for critical assets.</li>
<li>Encrypt and password-protect sensitive information.</li>
<li>Do not enable protocols that are not required.</li>
<li>Always use TCP/IP and IPSec filters for defence in depth.</li>
<li>Configure IIS to avoid information disclosure through banner grabbing.</li>
<li>Hide the IP address and related information by implementing a <a href="https://www.cyberwiki.in/2022/07/virtual-private-network-vpn-explained.html">VPN</a> or keeping the server behind a secure <a href="https://www.cyberwiki.in/2022/09/proxy-server-introduction.html">proxy</a>.</li>
<li>Request archive.org to delete the history of the website from the archive database.</li>
<li>Keep the domain name profile private.</li>
<li>Keep critical documents such as business plans and proprietary documents offline to prevent exploitation.</li>
<li>Train employees to recognise and resist social engineering techniques and attacks.</li>
<li>Sanitize the details provided to the Internet registrars to hide the direct contact details of the organization.</li>
<li>Disable the geo-tagging functionality on cameras to prevent geolocation tracking.</li>
<li>Avoid revealing one's location or travel plans on social networking sites.</li>
<li>Turn off geolocation access on all mobile devices when not required.</li>
<li>Ensure that no critical information such as strategic plans, product information, and sales projections is displayed on notice boards or walls.</li>
</ul>
<div><br /></div>
<div>
<p style="text-align: justify;"><b><i>You might also be interested in,</i></b></p>
<p style="text-align: justify;"></p>
<ul>
<li><a href="https://www.cyberwiki.in/2022/04/phases-of-hacking.html" target="">Phases of Hacking</a></li>
<li><a href="https://www.cyberwiki.in/2023/05/introduction-to-footprinting.html">Introduction to Footprinting</a></li>
<li><a href="https://www.cyberwiki.in/2023/05/objectives-and-threat-of-footprinting.html">Objective and Threats of Footprinting</a></li>
<li><a href="https://www.cyberwiki.in/2023/05/types-information-gathered-via.html">Types of Information Gathered via Footprinting</a></li>
<li><a href="https://www.cyberwiki.in/2020/09/footprinting.html">Footprinting - First Step on Hacking (Summary) with Tools</a></li>
</ul>
<div><br /></div>
<div>We hope this helps. If you have any suggestions or doubts, add a comment and we will reply as soon as possible.</div>
</div>
</div>
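<div style="text-align: justify;">
Several of the countermeasures above (configuring web servers and IIS against information leakage and banner grabbing, disabling directory listings, and keeping pages out of the search engine cache, which is also the point of the SERP and cache note in the Footprinting through Search Engines post) can be verified from the server's own HTTP responses. The following Python script is an added example, not code from the original post: it parses a raw HTTP response and flags version banners, auto-generated directory listings and, for pages marked sensitive, the absence of a noarchive/noindex directive. The two sample responses are constructed for illustration, not captured from any real host.
</div>

```python
"""Check a raw HTTP response for the information-disclosure signs listed in the
footprinting countermeasures. Constructed example: the sample responses are made
up, and the checks illustrate the idea rather than replace a full scanner."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Headers that name the server software or framework. The countermeasures
# recommend configuring web servers (IIS included) so these are not emitted;
# a bare product name without a version (e.g. "Server: nginx") is tolerated.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+\.\d+")

# Markers that Apache/nginx ("Index of /") and IIS ("[To Parent Directory]")
# put into auto-generated directory listings.
LISTING_MARKERS = (b"<title>Index of /", b"[To Parent Directory]")

# Robots directives that keep a search engine from caching or indexing a page,
# delivered either as an X-Robots-Tag header or a <meta name="robots"> tag.
NOARCHIVE_RE = re.compile(r"\bno(archive|index)\b", re.IGNORECASE)
META_ROBOTS_RE = re.compile(
    rb"""<meta\s+name=["']robots["']\s+content=["']([^"']*)["']""", re.IGNORECASE
)


@dataclass
class Response:
    status: int
    headers: dict[str, str]  # header names are lower-cased
    body: bytes


def parse_response(raw: bytes) -> Response:
    """Split a raw HTTP/1.x response into status code, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.decode().strip().lower()] = value.decode().strip()
    return Response(status, headers, body)


def check_leakage(resp: Response, sensitive: bool = False) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged.

    `sensitive` marks pages that must never end up in a search engine cache, so
    for those the absence of a noarchive/noindex directive is reported too.
    """
    findings: list[str] = []
    for name in BANNER_HEADERS:
        value = resp.headers.get(name)
        if value is None:
            continue
        # Any framework header is a disclosure; Server only if it carries a version.
        if name != "server" or VERSION_RE.search(value):
            findings.append(f"banner: {name}: {value}")
    if any(marker in resp.body for marker in LISTING_MARKERS):
        findings.append("directory listing enabled")
    if sensitive:
        directives = resp.headers.get("x-robots-tag", "")
        meta = META_ROBOTS_RE.search(resp.body)
        if meta:
            directives += " " + meta.group(1).decode()
        if not NOARCHIVE_RE.search(directives):
            findings.append("no noarchive/noindex directive: search engines may cache this page")
    return findings


# Constructed sample responses (not captured from any real host).
LEAKY = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-IIS/10.0\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"X-AspNet-Version: 4.0.30319\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><head><title>intranet - /backups/</title></head><body>"
    b"<pre>[To Parent Directory]<br>business-plan.docx</pre></body></html>"
)
HARDENED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"X-Robots-Tag: noindex, noarchive\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><head><title>Internal portal</title></head><body>Sign in</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, check_leakage(parse_response(raw), sensitive=True) or ["clean"])
```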