Information gathering is the process of collecting as much information as possible about a target's network in order to identify the various ways to intrude into an organization's network system.

In this post, we will see:

  • What is information gathering?
  • Why information gathering?
  • The objectives of information gathering.
  • Information gathering techniques.
  • Information gathering tools.

What Is Information Gathering

Information gathering, or footprinting, is the first, and an important, step before any attack. This step is all about how to get information about your target. Any professional hacker knows that he should know everything about his target; personally, I see information gathering as 50% of the attack. You can collect information about the target organization by means of footprinting in four steps:

1. Collect basic information about the target and its network

2. Determine the operating system used, platforms running, web server versions, etc.

3. Perform techniques such as Whois, DNS, network and organizational queries

4. Find vulnerabilities and exploits for launching attacks.

This activity is important because all crucial information needs to be gathered before you begin hacking.

Why Information Gathering

This step may take a long time but, like I told you before, it is important. To build a hacking strategy, attackers need to gather information about the target; you will not hack something you don't know. With that information you can find the easiest way to break through.

Footprinting helps you to:

  • Know the security posture: footprinting allows you to learn the complete security posture profile of an organization, and then you can build your hacking plan accordingly.

  • Reduce the attack area: by using some tools and techniques you will know a specific range of domain names, network blocks, IP addresses of systems directly connected to the internet, and many other details pertaining to its security posture.

  • Build an information report: after you get the information you need, you can build your information report or database about the security weaknesses of the target organization. This report can be analyzed to find the easiest way to break through the target organization's security perimeter.

Objectives of Footprinting

There are lots of objectives of footprinting, but the major ones include collecting the target's network information, system information, and organizational information. By using various tools and techniques you can gain information such as names, phone numbers, contact addresses, network services, IP addresses and more…

Collect Network Information

  • Domain Name.
  • Internal domain names.
  • Network blocks
  • IP addresses of the systems.
  • TCP and UDP services running.
  • VPN points.
  • Analog/digital Numbers.

Collect System Information

  • System names.
  • User and Group names.
  • SNMP information.
  • System architecture.
  • Password.
  • System banners.

Collect Organization Information

  • Employee details.
  • Company directory.
  • Company location.
  • Address and phone numbers.
  • Organization Website.
  • Web server links relevant to the organization.

Information Gathering Techniques

Person Footprinting

1. Collect information from social media

[Figure: social media statistics 2017]

As you can see, a lot of people use social media every day. Social media sites allow people to share information about themselves such as name, contact information (mobile number, email ID), friends' information and more… You can also find photos and videos of them with their friends. Victims may join a group to play games or share their interests, so attackers can grab information about the victim's interests by tracking their groups. You can collect information from these sites:

1. Facebook

2. Messenger

3. Twitter

4. LinkedIn

5. YouTube

6. Instagram

7. WhatsApp

2. People search websites

You can use these websites to find information about people's email addresses, phone numbers, house addresses, and more… Important: this technique is not sure to work. That's why social media is still the best information gathering resource.

3. Collect information through social engineering


Social engineering is not a tool or website you can use; it is a totally non-technical process in which an attacker tricks a person and obtains information about the victim. To perform social engineering you first need to have the confidence of an authorized user, and then you can do your tricks. The basic goal of social engineering is to obtain some important information and then use it for hacking. The information you can get through social engineering may include social security numbers, usernames and passwords, operating systems and versions, IP addresses, the names of servers, and more… I see social engineering as the most powerful attack in the world of hacking, because there is no way to protect yourself from this attack.

 

[Figure: social engineering]

As you can see, there are 3 basic tactics. You can talk with the target:

1. In person

2. Phone

3. Digital (using social media)

Company Footprinting

1. Collect information from search engines

General Information

If you want general information about the company, try Wikipedia. You will find so much information, such as physical location, contact address, the services offered, the number of employees, some employees' names, and more… that may prove to be a valuable source for hacking.

 


Public and Restricted Websites

The public website is easy to find, but that is not the case for restricted websites. A restricted website is a website available to only a few people. These people may be employees of the company, members, etc. Restrictions can be applied based on the IP number, domain or subnet, username, and password. Example: if the public website is www.example.com, the restricted websites look like: http://Tech.example.com, http://answer.example.com, http://office.example.com.

Physical Location

Information such as the physical location of the organization plays a big role in the hacking process. This information can be obtained using footprinting techniques, and it is easy to get. With the physical location, we can collect information such as public Wi-Fi networks, security cameras, gates, places to hide and more…

2. Collect information from social media

Companies, just like people, have social media profiles, so you can collect information from them.

3. Collect information through social engineering

Using social engineering to collect information about the company is a very smart step, and a dangerous one too. When you do this correctly, congrats!! You are not just a hacker, you are a spy 🙂

Social engineering techniques for companies:

1. Searching for a job

2. Interviews

3. Making a relationship with the employees, and there is more…

Website Footprinting

Now we will discuss website footprinting.
As we know, the organization's website is the first place where you can find information such as names, email addresses, phone numbers and so on.
In this section, we need to obtain as much information as possible about the website, such as IP address, domain name, host of the site, OS details, etc.
There is a long list of tools that you can use for that, but these tools may not give you all this information for every site; that's why we should use a smart technique.

Browsing the Website

Browsing the target website will give important information such as:

  • Contact details: on the contact page you can find names, phone numbers, email addresses, location, and maybe the location of admin or support people. You can use all of this information to perform social engineering.
  • Paths, database field names, queries: you should carefully analyze anything after a query that looks like a filename, path, etc., because you can use it for SQL injection.
  • The operating system used.
  • The software used and its version.

Mirroring the Website

Website mirroring is a smart technique you can use; it means downloading the website to your desktop.
Benefits of website mirroring:

  • It is helpful for offline browsing.
  • It is useful for testing the site at the time of website design and development.
  • It makes it possible to distribute the site to multiple servers instead of using only one server.

Traceroute

Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host.
Finding the route to the target host is important for testing against MITM (man-in-the-middle) attacks.

Information Gathering Tools

Google Hacking

Google hacking is the art of creating complex and helpful search engine queries.
If the target website is vulnerable to Google hacking, then you can find:

  • Files containing passwords.
  • Pages containing login portals.
  • Advisories and server vulnerabilities.
  • And more…

Some of the popular Google operators include:

  • [site]: finds only pages that belong to the given URL.
  • [allinurl]: restricts the results to those with all the search keywords in the URL.
  • [cache]: displays the web page stored in the Google cache.
  • [info]: presents some information that Google has about a particular web page.


WHOIS Lookup

Using a WHOIS server allows you to obtain information about the target domain name, the contact details of its owners, expiry date, creation date, etc.
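Because anyone can run this lookup, it is worth reviewing what your own domain's record gives away. The sketch below is an added example, not code from the original post: it parses a constructed WHOIS response and lists the disclosed contact fields, a near expiry date, and (going slightly beyond the fields named above) a missing transfer lock. The field names follow a common registrar layout and are an assumption, since WHOIS output varies by registry.

```python
from datetime import datetime, timezone

# Constructed WHOIS response for a placeholder domain; real formats vary by registry.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Creation Date: 2015-06-01T12:00:00Z
Registry Expiry Date: 2024-06-01T12:00:00Z
Domain Status: ok https://icann.org/epp#ok
Registrant Name: Jane Admin
Registrant Email: jane.admin@example.com
Registrant Phone: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
"""

CONTACT_FIELDS = ("registrant name", "registrant email", "registrant phone")
REDACTION_MARKERS = ("redacted", "privacy", "not disclosed")  # assumed wording


def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: [values]}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def audit_whois(text, today, warn_days=60):
    """List what the record discloses to any outsider and what needs attention."""
    record = parse_whois(text)
    findings = []
    for field in CONTACT_FIELDS:
        for value in record.get(field, []):
            if not any(marker in value.lower() for marker in REDACTION_MARKERS):
                findings.append(f"{field} is public: {value}")
    for value in record.get("registry expiry date", []):
        expiry = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        days_left = (expiry - today).days
        if days_left < warn_days:
            findings.append(f"domain expires in {days_left} days")
    statuses = " ".join(record.get("domain status", [])).lower()
    if "clienttransferprohibited" not in statuses:
        findings.append("no transfer lock (clientTransferProhibited) set")
    return findings
```

Call `audit_whois(SAMPLE_WHOIS, datetime.now(timezone.utc))` with the saved output of a lookup on a domain you own in place of the sample.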


VisualRoute

VisualRoute is a graphical tool used for tracing routes. It enables you to identify the geographical location of the routers, servers and other IP devices.
The data table contains information such as hop number, IP address, node name, geographic location, etc.


Maltego

Maltego is open-source intelligence software used for forensics and information gathering.
It can be used to determine the relationships and real-world links between people, social networks, companies, organizations, websites, documents, phrases, affiliations, and files.


HTTrack

HTTrack is an offline browser utility. It allows you to download a website from the internet to a local directory, recursively building all directories and getting the HTML, images and other files from the server.
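Mirroring, as described here and in the "Mirroring the Website" section, leaves a recognisable trail in the web server's access log. The following detection sketch is an added example, not code from the original post; the log lines are constructed, and the user-agent markers and thresholds are assumptions to tune for your own site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                     r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Assumed markers: default User-Agent strings of common mirroring tools.
MIRROR_UA = re.compile(r"httrack|wget", re.I)


def build_sample_log():
    """Constructed combined-format log: one mirroring client, one normal visitor."""
    base = datetime(2024, 3, 10, 10, 0, 0, tzinfo=timezone.utc)
    row = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [row.format(ip="203.0.113.7", path=f"/docs/page{i}.html",
                        ts=(base + timedelta(seconds=i)).strftime(TS_FMT),
                        ua="Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)")
             for i in range(40)]  # 40 distinct pages in 40 seconds
    lines += [row.format(ip="198.51.100.20", path=path,
                         ts=(base + timedelta(minutes=5 * i)).strftime(TS_FMT),
                         ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0")
              for i, path in enumerate(["/", "/contact.html", "/about.html"])]
    return lines


def find_mirroring(lines, window=timedelta(seconds=60), max_pages=30):
    """Return {ip: [reasons]} for clients whose requests look like a mirroring run."""
    events = defaultdict(list)   # ip -> [(timestamp, path)]
    reasons = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined log format
        events[m["ip"]].append((datetime.strptime(m["ts"], TS_FMT), m["path"]))
        if MIRROR_UA.search(m["ua"]):
            reasons[m["ip"]].add("mirroring-tool user agent")
    # The user agent is client-controlled, so also check the request pattern:
    # many distinct pages from one address inside a sliding time window.
    for ip, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1
            if len({path for _, path in seen[start:end + 1]}) > max_pages:
                reasons[ip].add("high rate of distinct pages")
                break
    return {ip: sorted(why) for ip, why in reasons.items()}
```

`find_mirroring(build_sample_log())` flags only the first address, for both reasons; feed it the lines of your own access log to review real traffic.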


Shodan Search Engine

Shodan is a search engine that lets you find specific computers, routers, servers, security cameras, etc.


NetCraft

Netcraft is a great information gathering tool. It allows you to find out the OS running on the target network, IP addresses, server names, etc.



Nmap

While you are connected to the same network as your target, this crazy tool allows you to obtain information such as the OS version, what services are running, the existence of a firewall and more…

I hope this post was helpful.
Please write a comment if you like this post.