
Hands-On Ethical Hacking and Network Defense, Second Edition

Chapter 4

Footprinting and Social Engineering

Objectives

• After reading this chapter and completing the exercises, you will be able to:

– Use Web tools for footprinting

– Conduct competitive intelligence

– Describe DNS zone transfers

– Identify the types of social engineering

Hands-On Ethical Hacking and Network Defense, Second Edition 2

Using Web Tools for Footprinting

• “Case the joint”

– Look over the location

– Find weakness in security systems

– Types of locks and alarms used

• Footprinting

– Finding information on company’s network

– Passive and nonintrusive

– Several available Web tools


Table 4-1 Summary of Web tools

Millions more !!


Table 4-1 Summary of Web tools (cont’d.)


Conducting Competitive Intelligence

• Numerous resources to find information legally

– Competitive intelligence

• Gathering information using technology

• Security professionals must:

– Explain methods used to gather information

• Have a good understanding of methods


Analyzing a Company’s Web Site

• Easy source of critical information

– Many available tools

• Paros

– Powerful tool for UNIX and Windows OSs

– Requires Java J2SE


Figure 4-1 The main window of Paros


Analyzing a Company’s Web Site (cont’d.)

• Paros: searching for a Web site

– Click Tools, Spider

– Enter Web site’s URL

– Check results


Figure 4-2 Entering a URL in the Input dialog box


Figure 4-3 Displaying filenames of all Web pages on a site

Analyzing a Company’s Web Site (cont’d.)

• Paros: getting Web site structure

– Click Tree, Scan All

– Report includes:

• Vulnerabilities

• Risk levels

• Gathering information this way:

– Time consuming


Figure 4-4 The Paros scanning report

Using Other Footprinting Tools

• Whois

– Commonly used

– Gathers IP address and domain information

– Attackers can also use it


Figure 4-5 Viewing information with the SamSpade Whois utility

Using E-mail Addresses

• E-mail addresses

– Help retrieve even more information

• Find e-mail address format

– Guess other employees’ e-mail accounts

• Tool to find corporate employee information

– Groups.google.com


Using HTTP Basics

• HTTP operates on port 80

• HTTP commands

– Pull information from a Web server

• Basic understanding of HTTP

– Beneficial for security testers

• Return codes

– Reveal information about OS used

• HTTP methods

– GET / HTTP/1.1


Table 4-2 HTTP client errors

Don’t send error messages back


Table 4-3 HTTP server errors

Don’t send error messages back


Table 4-4 HTTP methods


Figure 4-6 Using the OPTIONS HTTP method


Figure 4-7 Using the HEAD HTTP method
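The slides point out that a HEAD or OPTIONS reply and the server's error pages give away the Web server, its version and often the OS. The script below is an added example, not code from the textbook: it takes a raw reply such as the ones in Figures 4-6 and 4-7 and reports the disclosures a tester would note, so you can audit your own server before an attacker reads the same headers. The two replies, host names and version strings are constructed.

```python
"""Audit what a Web server's reply gives away.

Added example, not code from the textbook: feed it a raw reply such as the ones
Figures 4-6 and 4-7 show for OPTIONS and HEAD. The replies here are constructed.
"""

# Methods whose presence in an OPTIONS reply deserves a second look.
RISKY_METHODS = {"TRACE", "PUT", "DELETE", "CONNECT"}


def parse_response(raw):
    """Split a raw HTTP reply into (status code, {lower-case header: value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])  # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def audit_response(raw):
    """Return the status code and a list of information-disclosure findings."""
    status, headers, body = parse_response(raw)
    findings = []
    server = headers.get("server", "")
    # A version or platform in Server ("Apache/2.2.8 (Ubuntu)") narrows the OS.
    if "/" in server or "(" in server:
        findings.append("Server header reveals version or OS: " + server)
    if "x-powered-by" in headers:
        findings.append("X-Powered-By reveals framework: " + headers["x-powered-by"])
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    risky = sorted(allowed & RISKY_METHODS)
    if risky:
        findings.append("OPTIONS lists methods to review: " + ", ".join(risky))
    # Tables 4-2 and 4-3: a verbose 4xx/5xx body is itself a disclosure.
    if status >= 400 and body.strip():
        findings.append("error reply carries a message body: " + body.strip()[:60])
    return status, findings


# Constructed: a chatty reply to "OPTIONS / HTTP/1.1".
LEAKY = ("HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu)\r\n"
         "X-Powered-By: PHP/5.2.4\r\nAllow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
         "Content-Length: 0\r\n\r\n")
# Constructed: the same server after ServerTokens Prod, expose_php=Off, TraceEnable Off.
HARDENED = ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
            "Allow: GET,HEAD,POST,OPTIONS\r\nContent-Length: 0\r\n\r\n")
```

Run `audit_response` on the captured reply of each of your servers; an empty findings list for both the OPTIONS reply and a forced error page is the target state.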

Other Methods of Gathering Information

• With just a URL, you can determine:

– Web server

– OS

– Names of IT personnel

• Other methods:

– Cookies

– Web bugs


Detecting Cookies and Web Bugs

• Cookie

– Text file generated by a Web server

– Stored on a user’s browser

– Information sent back to Web server when user returns

– Used to customize Web pages

– Some cookies store personal information

• Security issue


Detecting Cookies and Web Bugs (cont’d.)

• Web bug

– One-pixel by one-pixel image file

– Referenced in an <IMG> tag

– Usually works with a cookie

– Purpose similar to spyware and adware

– Comes from third-party companies

• Specializing in data collection
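A Web bug is easy to spot once you know the two tells the slide lists: a one-by-one-pixel image and a source on another company's host. The parser below is an added example, not code from the textbook; it scans a page for such IMG tags so users or administrators can see which third parties a page reports to. The sample HTML and host names are constructed.

```python
"""Find Web bugs in a page: 1x1 images pulled from a third-party host.

Added example, not code from the textbook; the HTML below is constructed and
the host names in it are made up.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class WebBugFinder(HTMLParser):
    """Collect <IMG> tags that are one pixel square and served by another host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":  # html.parser lower-cases tag and attribute names
            return
        a = {name: (value or "").strip() for name, value in attrs}
        one_pixel = a.get("width") == "1" and a.get("height") == "1"
        # A relative src loads from the page's own host, so it is not third-party.
        host = urlparse(a.get("src", "")).hostname or self.page_host
        if one_pixel and host != self.page_host:
            # The reply to this request is where the tracker's cookie is set.
            self.bugs.append({"src": a["src"], "host": host})


def find_web_bugs(html, page_host):
    """Return the suspected Web bugs found in html served from page_host."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.bugs


# Constructed page: a logo, a same-host spacer and one tracking pixel.
SAMPLE_HTML = """<html><body>
<img src="/images/logo.png" width="200" height="60" alt="logo">
<img src="https://www.example.test/spacer.gif" width="1" height="1">
<img src="http://tracker.example/pixel.gif?id=42" width="1" height="1">
<p>Welcome back.</p>
</body></html>"""
```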


Using Domain Name Service Zone Transfers

• Domain Name System (DNS)

– Resolves host names to IP addresses

– People prefer URLs to IP addresses

• Extremely vulnerable

• Zone transfer tools

– Dig and Host

• Determining primary DNS server

– Start of Authority (SOA) record

• Shows zones or IP addresses

– Zone transfer gives network diagram
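Because a successful zone transfer hands over the whole zone (the "network diagram" the slide mentions), a defender should check that their own name servers refuse AXFR to anyone but the secondaries. The script below is an added example, not code from the textbook: it reads the text that the Dig command from Figure 4-9 prints for an axfr query and reports whether the transfer went through and which internal addresses it exposed. Both transcripts and the zone are constructed.

```python
"""Audit a name server's answer to a zone-transfer (AXFR) request.
Added example, not code from the textbook. It reads the text that
`dig @server zone axfr` prints, so you can point it at your own servers;
both transcripts below are constructed and the zone is made up.
"""
import ipaddress
import re

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\w+)\s+(.*)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_axfr(dig_output):
    """Summarise whether the transfer succeeded and which hosts it exposed."""
    hosts, soa_count = {}, 0
    for line in dig_output.splitlines():
        if line.startswith(";"):  # dig comments, including "; Transfer failed."
            continue
        m = RECORD.match(line)
        if not m:
            continue
        name, rtype, rdata = m.groups()
        if rtype == "SOA":
            soa_count += 1
        elif rtype in ("A", "AAAA"):
            hosts[name.rstrip(".")] = rdata.strip()
    # A completed AXFR is bracketed by the SOA record at start and end.
    transferred = soa_count >= 2
    internal = sorted(h for h, ip in hosts.items()
                      if any(ipaddress.ip_address(ip) in net for net in RFC1918))
    return {"transferred": transferred, "hosts": hosts, "internal_hosts": internal}


# Constructed: what dig prints when the server allows the transfer.
OPEN_AXFR = """\
; <<>> DiG 9.18.1 <<>> @ns1.example.test example.test axfr
example.test.\t3600\tIN\tSOA\tns1.example.test. hostmaster.example.test. 2024010101 7200 3600 1209600 3600
example.test.\t3600\tIN\tNS\tns1.example.test.
ns1.example.test.\t3600\tIN\tA\t192.0.2.53
www.example.test.\t3600\tIN\tA\t192.0.2.10
mail.example.test.\t3600\tIN\tA\t192.0.2.25
intranet.example.test.\t3600\tIN\tA\t10.0.5.12
example.test.\t3600\tIN\tSOA\tns1.example.test. hostmaster.example.test. 2024010101 7200 3600 1209600 3600
"""
# Constructed: the same query against a server with allow-transfer { none; }.
REFUSED_AXFR = """\
; <<>> DiG 9.18.1 <<>> @ns1.example.test example.test axfr
; Transfer failed.
"""
```

A `transferred` value of True from any server other than your own secondaries means the zone is readable by anyone; restricting transfers in the server configuration (for BIND, `allow-transfer`) is the fix.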


Figure 4-9 Using the Dig command

Introduction to Social Engineering

• Older than computers

– Targets human component of a network

• Goals

– Obtain confidential information (passwords)

– Obtain other personal information

• Tactics

– Persuasion

– Intimidation

– Coercion

– Extortion/blackmailing


Introduction to Social Engineering (cont’d.)

• Biggest security threat

– Most difficult to protect against

• Main idea:

– “Why try to crack a password when you can simply ask for it?”

• Users divulge passwords to IT personnel

• Human behavior studied

– Personality traits

– Body language


Introduction to Social Engineering (cont’d.)

• Techniques

– Urgency

– Quid pro quo

– Status quo

– Kindness

– Position

• Train users

– Not to reveal information

– To verify caller identity

• Ask questions and call back to confirm


Figure 4-10 The OSSTMM social-engineering template

The Art of Shoulder Surfing

• Shoulder surfer

– Reads what users enter on keyboards

• Logon names

• Passwords

• PINs

• Tools

– Binoculars or high-powered telescopes

– Key positions and typing techniques

– Popular letter substitutions

• $ equals s, @ equals a


The Art of Shoulder Surfing (cont’d.)

• Prevention

– Avoid typing when:

• Someone is nearby

• Someone nearby is talking on a cell phone

– Computer monitors:

• Face away from door or cubicle entryway

– Immediately change your password if you suspect someone is observing you


The Art of Dumpster Diving

• Attacker finds information in victim’s trash

– Discarded computer manuals

– Passwords jotted down

– Company phone directories

– Calendars with schedules

– Financial reports

– Interoffice memos

– Company policy

– Utility bills

– Resumes


The Art of Dumpster Diving (cont’d.)

• Prevention

– Educate users

• Dumpster diving

• Proper trash disposal

– Format disks before disposing of them

• Software writes binary zeros

• Done at least seven times

– Discard computer manuals offsite

– Shred documents before disposal


The Art of Piggybacking

• Trailing closely behind an employee cleared to enter restricted areas

• How it works:

– Watch authorized personnel enter an area

– Quickly join them at security entrance

– Exploit desire to be polite and helpful

– Attacker wears a fake badge or security card


The Art of Piggybacking (cont’d.)

• Prevention

– Use turnstiles

– Train personnel to notify security about strangers

– Do not hold secured doors for anyone

• Even people they know

– All employees must use access cards


Phishing

• Phishing e-mails

– “Update your account details”

– Usually framed as urgent request to visit a Web site

• Web site is a fake

• Spear phishing

– Combines social engineering and exploiting vulnerabilities

– E-mail attacks directed at specific people

• Comes from someone the recipient knows

• Mentions topics of mutual interest


Figure 4-12 A phishing e-mail

Summary

• Footprinting

– Gathering network information with Web tools

• Competitive intelligence

– Gathered through observation and Web tools

• IP addresses and domain names

– Found by using tools (e.g., SamSpade)

• Cookies and Web bugs

– Collect and retrieve user’s information

• Zone transfers

– Used to obtain network topologies


Summary (cont’d.)

• Social engineering

– Attacks using human nature

• Many methods

– Educate personnel

• Attacker techniques

– Shoulder surfing

– Dumpster diving

– Piggybacking

– Phishing
