In the world of ethical hacking, collecting information about a target network from publicly accessible sources is referred to as footprinting or reconnaissance.
Footprinting is one of the tasks that pen-testers or ethical hackers perform before the actual attack. Information gathered about the target helps to devise an effective strategy to compromise the system and network security. Pen-testers and ethical hackers should think like an attacker, so they need to simulate all the steps an attacker usually follows to get a good idea of the security of the target system.
We can extract critical information about the target organization by making effective use of search engines. The information we may be interested in could be contact details, employee details, login pages, technologies used, platform information, etc.
We will demonstrate how to gather information using the following:
1) Google hacking technique
2) Video search engine
3) FTP search engine
4) IoT search engine
Google hacking involves the use of advanced operators in the Google search engine to limit the search results to the desired pages. These operators can be used to exploit vulnerable or insecure websites.
1) Open any web browser of your choice and navigate to Google.
2) Type intitle:asp.net site:www.microsoft.com and click search. We use two operators, intitle and site, which restrict the results to only those pages on www.microsoft.com that contain “ASP.NET” in the title.
3) Now, enter wikipedia filetype:pdf. When you click on any of the results, it displays a PDF file.
4) Additionally, we have other advanced operators at our disposal to gather more specific information about the target organization.
| Operator | Description | Example |
|---|---|---|
| cache | The results contain the cached version of the web page | cache:www.google.com |
| allinurl | The result pages contain all the query terms specified in the URL. | allinurl:amazon cloud hosting |
| inurl | The result pages contain the word specified in the URL. | inurl: wordpress site:aws.amazon.com |
| allintitle | The result pages contain all query terms specified in the title. | allintitle: detect malware |
| inanchor | The result pages contain query terms specified in anchor text on the link to the pages. | anti-virus inanchor:Norton |
| allinanchor | The result pages contain all query terms specified in anchor text on the link to the pages. | allinanchor: best cloud service provider |
| link | The result pages contain links to the specified website or page. | link:www.googleguide.com |
| related | The result pages display the website similar or related to the specified URL. | related:www.google.com |
| info | The operator finds the information for the specified web page. | info:facebook.com |
| location | The operator finds information for the specified location. | location:foodpanda |
You may also be interested in other advanced operators such as subject, intext, daterange, author, group, msgid, imagesize, @, #, .., “”, OR, *, +, -, etc.
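How the operators above narrow a result set, as an added example that is not part of the original article: it parses a query and evaluates it against a constructed inventory of an organization's own published pages, which is how a defender can check what a given query would surface from a sitemap export. The function names, the inventory and the matching rules (URL and title only, no page body) are assumptions and a simplification of Google's behaviour.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of an organization's own published pages (e.g. a sitemap export).
PAGES = [
    {"url": "https://www.example.com/docs/asp.net-guide.html", "title": "ASP.NET hosting guide"},
    {"url": "https://www.example.com/files/annual-report.pdf", "title": "Annual report"},
    {"url": "https://blog.example.com/wordpress/login.php", "title": "Log in"},
    {"url": "https://www.example.com/cloud/hosting/plans", "title": "Cloud hosting plans"},
]
SUPPORTED = {"site", "inurl", "intitle", "filetype"}
# operator:value (optional space after the colon), "quoted phrase", or bare word
TOKEN = re.compile(r'(\w+):\s*(\S+)|"([^"]+)"|(\S+)')

def parse_query(query):
    """Return (filters, terms): filters are (operator, value) pairs, terms are free text."""
    filters, terms, all_op = [], [], None
    for op, val, quoted, word in TOKEN.findall(query):
        op = op.lower()
        if op in ("allinurl", "allintitle"):
            all_op = op[3:]                  # later bare words inherit inurl/intitle
            filters.append((all_op, val.lower()))
        elif op in SUPPORTED:
            filters.append((op, val.lower()))
        else:
            text = (quoted or word or f"{op}:{val}").lower()
            if all_op:
                filters.append((all_op, text))
            else:
                terms.append(text)
    return filters, terms

def matches(page, filters, terms):
    """Simplified operator semantics over URL and title only (no page body)."""
    url, title = urlparse(page["url"]), page["title"].lower()
    host, full = url.hostname, page["url"].lower()
    checks = {
        "site": lambda v: host == v or host.endswith("." + v),
        "inurl": lambda v: v in full,
        "intitle": lambda v: v in title,
        "filetype": lambda v: url.path.lower().endswith("." + v),
    }
    return (all(checks[op](v) for op, v in filters)
            and all(t in full or t in title for t in terms))

def search(query, pages=PAGES):
    """Return the URLs in the inventory that the query would select."""
    filters, terms = parse_query(query)
    return [p["url"] for p in pages if matches(p, filters, terms)]
```

Running the same queries against a real sitemap export shows which published files and login pages a single operator query is enough to isolate.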
Using Video Search Engine
Video search engines crawl the web looking for video content. We will demonstrate the use of the YouTube search engine and the YouTube DataViewer video analysis tool.
1) Go to any browser of your choice and navigate to YouTube.
2) In the search, type the name of your target organization and you will see the latest video uploaded by them. We chose “Facebook” for demonstration purposes.
3) Select the video of your choice, right-click on the video title, and click “Copy link address”.
4) Now, navigate to YouTube DataViewer, paste the copied link, and click Go. It displays some information extracted from the video, like Abstract, Video ID, Update Date, and Time. There is also a link button to perform a reverse image search on the thumbnail of the video.
Using FTP Search Engine
FTP search engines are used to search for files located on FTP servers. These files may carry useful information about the target organization, as many large organizations use FTP servers to keep large file archives and other software that are shared among the employees.
We will use the NAPALM FTP indexer to extract critical information about the target organization.
1) Open the browser of your choice, navigate to the NAPALM FTP indexer, and type “microsoft” into the search bar.
2) You will observe that the result contains the FTP details of the target organization, i.e. Microsoft.
3) You can also use other FTP search engines like FreewareWeb FTP File Search to gather useful FTP information about the target organization.
Using IoT Search Engine
IoT search engines crawl the internet for vulnerable IoT devices that are publicly accessible. These search engines can provide useful information on SCADA, traffic control systems, inter-connected household appliances, industrial appliances, CCTV cameras, etc.
We will search for information on vulnerable IoT devices in the target organization using the Shodan IoT search engine.
1) First, open the browser of your choice, navigate to the Shodan search engine, and type amazon. When you click the search button, you will see a list of vulnerable IoT devices related to Amazon hosted in different parts of the world.