Sie sind auf Seite 1von 3

Lab Exercise 1:

Footprinting and reconnaissance

Footprinting a Target Network

The objective of this lab is to extract information about the target organization, but is not limited to:

IP address and range associated with the target.

Purpose, functioning and size of organization.

People and contacts at the target

Types of OS, network topologies, firewalls (hardware or software), remote access (SSH or VPN)

Task 1: Open Source Information Gathering using Windows Command line Utilities

1. Find IP address for http://www.certifiedhacker.com

2. Run cmd and ping www.certifiedhacker.com in command prompt

3. Note down the website’s IP. You may also get information on Ping Statistics (packets sent, packets received, packets lost and Approximate round up time)

4. Now find the max frame size on network. In cmd type ping www.certifiedhacker.com f l 1500 and then 1300. Observer the max packet size is less than 1500 but more than 1300. Now try different values until you find the max frame size. (Hint: size is in between 1460-1480)

5. (The frame size will differ depending upon the target network)

6. Now find out when TTL expires. Every frame on the network has TTL defined. If TTl reaches 0, the router discards the packet. In cmd type ping www.certifiedhacker.com i 3 (this sets TTL to 3, max you can set it to 255)

7. We will now use the ping command to emulate a traceroute

8. Find traceroute from your PC to www.certifiedhacker.com using the tracert command (tracert www.certifiedhacker.com )

9. Minimize the cmd above and launch a new cmd and type ping www.certifiedhacker.com i 2 n 1. The only difference is that we are setting the TTL to two in an attempt to check the lifespan on the packet.

10. Then again change TTL to 3,4,5…15 and observer the difference in packet loss, until the reply from destination host from ping and tracert are same.

11. Make a note of all IP addresses from which you receive the reply during the ping to emulate the tracert.

12. Launch a new command prompt, type nslookup. In interactive mode, type ‘set type=a’. This configures nslookup to query for the IP address of a given domain.

13. Type the target domain www.certifiedhacker.com . This resolves the IP address and displays the result.

14. The first two lines in the result specifies the default server hosted on the local machine. If the response is coming from your local machine’s server but not the server that legitimately hosts the domain www.certifiedhacker.com , it is considered to be a non-authoritative answer. You need to obtain the domain’s authoritative name server.

15. Type ‘set type=cname’

16. The CNAME lookup is done directly against the domain’s authoritative name server and lists the CNAME record for a domain.

17. This returns the domain’s authoritative name server, along with the mail server address.

18. Now that you have obtained the authoritative name server, now determine the IP address of the name server. Issue the command ‘set type=a’ and type the primary name server that is displayed in the step above.

19. The authoritative name server stores the records associated with the domain. So, if an attacker can determine the authoritative name server (primary name server) and obtain its associated IP address, he/she might attempt to exploit the server to perform attacks which include DoS, DDoS, URL Redirection and so on.

Document all IP addresses, reply request IP addresses, TTLs, DNS server names and other DNS information.

Task 2: Gathering Personal Information Using People Search Services

1. In the browser, type pipl.com

2. To begin the search, enter the details of the person you want to search for in the Name, Email, Username or Phone field and click the Search icon.

3. Pipl returns the search results with name you have entered (e.g career, education, phone number, social websites accounts.)

4. To learn the places where the person visited, click any link in the Places section.

Analyze and document all the results discovered in the lab exercise.

Task 3: Collecting Information about a Target using Firebug

Firebug is an add-on tool for Mozilla Firefox which displays information like directory structure, internal URLs, cookies, session IDs, etc.

1. Launch Firefox and type https://addons.mozilla.org/en-US/firefox/addon/firebug and press enter.

2. The firebug add-on webpage appears. Click Add to Firefox. The add-on begins to download. On completion a software installation dialog box appears. Click Install Now.

4. Enter the URL of the target website in the address bar. Click the Firebug add-on the top right corner of the navigation toolbar to enable the Firebug control panel which appears at the lower end of the screen. Click the ‘Console’ tab, and from the Firebug panel’s menu bar click ‘Enable’. Refresh the page.

5. Click the ‘Warnings’ tab under the console section. Under this tab, Firebug displays all the issues related to the security of the website architecture. You can view the results in all other tabs under ‘Console’ Section, which might return useful information related to the website/web application.

6. Click the HTML tab in the Firebug UI. The HTML section contains two tags: head and body, which contains scripts and texts that might reveal the build of the website.

7. The head and body tags contain information related to the authentication of the username and password fields such as the types of the input that is to be given in fields, which allows attacker to narrow down exploitation techniques.

8. Expand nodes and scripts written to develop the webpage.

9. Refer to tabs such as Style, Computed, Layout etc.

10. The CSS and Script tabs also display the HTML and Java scripts that were used to design the webpage. Attackers could use these scripts to build a similar (cloned) website which could be used to server malicious purposes such as harvesting the data entered in specific fields.

11. Explore other tabs as well: find the server name and web application framework used to develop the website and its version.

12. Click the Cookies tab in Firebug panel and click Enable.

13. Refresh the page. Observe the cookies related to current session. Attacker can use sniffing techniques to steal the cookies and manipulate them, thereby hijacking the session of an authenticated user without the need of entering legitimate credentials.

14. By gaining information described in the lab, an attacker can obtain the script related to a webpage, identify the server-side technologies and manipulate the cookies, which allow them to perfrom fraudulent activities such as entering the web applications, cloning a webpage, hijacking a session, stealing database information, etc.

Collect information like internal URLs, cookie details, directory structure, session IDs etc for different websites using Firebug.