FOOTPRINTING
Footprinting is first phase in hacking. In this collection of information took place. Information which is generally available may contain sensitive information. Using Footprinting attacker can collect information like emails, contacts, domain name, information and using social engineering even more sensitive data.
Footprinting is necessary step. The information gathered in this step is used further to exploit or hack the target. In this modules, various aspects of Footprinting would be covered.
Footprinting is first phase in hacking. In this collection of information took place. Information which is generally available may contain sensitive information. Using Footprinting attacker can collect information like emails, contacts, domain name, information and using social engineering even more sensitive data.
Footprinting is necessary step. The information gathered in this step is used further to exploit or hack the target. In this modules, various aspects of Footprinting would be covered.
1.INTERNAL FOOTPRINTING
•Footprinting performed inside the network is known as internal Footprinting. In internal Footprinting, attacker may access internal network or is directly or indirectly connected to the internal network.
•Footprinting performed inside the network is known as internal Footprinting. In internal Footprinting, attacker may access internal network or is directly or indirectly connected to the internal network.
§ Dumpster diving:
looking for sensitive information ingarbage or dumps is known as dumpster diving. Sometimes, attacker may find a piece of paper or some important documents from which sensitive information can be retrieved.
When penetration testing or hacking is performed each and every possible aspect of gathering information is
taken into consideration.
looking for sensitive information ingarbage or dumps is known as dumpster diving. Sometimes, attacker may find a piece of paper or some important documents from which sensitive information can be retrieved.
When penetration testing or hacking is performed each and every possible aspect of gathering information is
taken into consideration.
When penetration testing or hacking is performed each and every possible aspect of gathering information is
taken into consideration.
§Shoulder surfing :
•Looking at shoulder or guessing the password by viewing a person typing or indirectly seeking into his hand movement to get password. Sometime it provides quite sensitive information.
§Private websites :
•If attacker found any private websites of the target, it became treasure for him as he can gain bunch of sensitive information like employee and client details etc.
2. EXTERNAL FOOTPRINTING
•When attacker is not connected to the target network, in order to gather information, external Footprinting is used. Generally, external Footprinting provides hug number of information about the data. There lots of ways and possibilities to gather the information from outside of network
§Website:
•Website of the target may contain some sensitive information or may be vulnerable. From the website, attacker can easily get the contact details like e-mails and phone numbers. Using phone numbers, attacker can simply call and perform social engineering in order to gain sensitive information beside. Attacker can also perform social engineering over e-mails.
§Google:
•Google is one of the biggest search engine and helping hand for a hacker. Sometimes simply googling about target can give much sensitive information like admin contents or about target profiles over social media. Google help both actively and passively in gaining sensitive information. For ex, if you google for xyz you may get his picture. His address, about upcoming events or more of sensitive information about the target.
§Whois:
•Who is a tool (Bothe application and web application level) which is used to gather information about target domain like name server. Domain record, admin contacts and other relative information.
•Whois is on the major information provider and this information is used in writing penetration testing reports. It is a great database which contains records of almost every domain name.•www.whois.sc , (https://whois.domaintools.com/)•Is one of the popular website to check whois information.Ihope you understand what is footprinting and somet techniques of footprintinks that hacker use to gather information if you guys have any doubt & any suggestions for me please comment it.
thanks for reading....•
thanks for reading....
•
0 Comments