This lesson presents material from chapter 5. Objectives
important to this lesson:
Information gathering
Website information
Financial information
Google hacking
Domain information leakage
Employees
Insecure applications
Social networks
Basic countermeasures
Concepts:
Chapter 5
The chapter begins with a list of six objectives that might be
pursued in gathering information about a target. The first two
objectives, gathering public facing information and determining
basic network information, are more passive than the rest. This
places these objectives in the category of footprinting,
determining information about a target without much probing of a
network.
The text opens its discussion of footprinting with the
examination of a target's web site, mentioning that we should look for phone
lists, organization charts, and other such documents that
provide the names of employees, their positions, their phone
numbers, and their email addresses. The text mentions that
some organizations have become smarter about what they keep on their
public-facing sites, but they may not always have done so. An attacker
can check whether this is the case by looking up the target in the Internet Archive
with its search engine, the Wayback Machine, which shows what
many sites on the Internet used to look like. The text is careful
to say that there is no guarantee that an older version of a web site
will hold information that is still valid, but it is worth a try. The
suggested counter to this technique is to use a robots.txt
file to prevent polite web crawlers from recording information in some
or all of a web site. More information about the syntax to use in this
file can be found in the Wikipedia article on the subject.
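As an added example (not from the text), the following Python script audits a robots.txt file the way a defender might, listing which sensitive pages a rule-abiding crawler could still record. The crawler name ExampleArchiveBot, the file contents, and all paths are constructed for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample files; the crawler name and every path are hypothetical.
WEAK = """\
User-agent: *
Disallow: /staff/
"""

HARDENED = """\
User-agent: ExampleArchiveBot
Disallow: /

User-agent: *
Disallow: /staff
Disallow: /about/org-chart.pdf
"""

# Pages of the kind the chapter warns about: phone lists and org charts.
SENSITIVE = ["/staff/phone-list.html", "/staff-directory.html", "/about/org-chart.pdf"]


def crawlable(robots_txt, agent, paths):
    """Return the paths a rule-abiding crawler named `agent` may still fetch."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [p for p in paths if parser.can_fetch(agent, p)]


def audit(robots_txt, agents=("ExampleArchiveBot", "OtherBot"), paths=SENSITIVE):
    """Map each crawler name to the sensitive paths it is still allowed to record."""
    return {agent: crawlable(robots_txt, agent, paths) for agent in agents}


if __name__ == "__main__":
    # Disallow rules are prefix matches: "/staff/" does not cover
    # "/staff-directory.html", while "/staff" covers both.
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        for agent, exposed in audit(text).items():
            print(f"{label:9} {agent:18} still crawlable: {exposed or 'none'}")
```

The file only advises crawlers that choose to obey it, and it is itself publicly readable, so the paths it names are visible to anyone who requests it.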
The text continues with an idea about harvesting technical
information about a target. Job postings for technical positions
are likely to list skill and experience requirements that provide
insight into the products and equipment that are used by a company,
which in turn should suggest possible attack vectors on the target.
Location information about interviews can also be useful, if the
locations of data centers for the target are not known. The text
suggests that job postings be made with less detail about the actual
employer or about the actual products being used to prevent this kind
of information gathering.
The text moves on to discuss financial data. Financial data is
often available from the public web site of a large entity, but is also
available from the Securities
and Exchange Commission for companies with publicly traded
stocks. Why does an attacker want this information? If the attacker is
after money, it makes sense to seek targets with lots of it. The text
offers four other web sites with financial information on page 111. If
you are protecting a site, you should know what kind of prize it
appears to be in these databases.
The next topic is Google hacking.
The text tells us that Google has access to more than the web page data
that most of us have seen in search results, and that most of us have not
thought about the extent of the other information available. The term
"Google hacking" refers to doing searches on Google in ways that are
not intended by Google. Note the search commands that the text
discusses that enable us to search for words in document titles
(intitle:), for documents of specific types (filetype:), and for links
that have specific words or strings in their URLs (inurl:). The
concepts may be useful in looking for information about a specific
target.
The text spends a few pages on domain and DNS information,
which has already been discussed. It also explains the use of traceroute (which is the command on
Linux/UNIX) and its Windows version, tracert.
A reason for a hacker to use traceroute, besides general information,
is to see if it can reveal the name and IP address of a border device
on the target's network.
The text discusses looking for information on a target posted
by employees on social media
sites. Posting information about one's employer is discouraged unless
permission has been given to do so, but people who are unhappy with
their boss, job, or situation are prone to do so without regard to
company policy.
The last section in the chapter is about countermeasures, some
of which are mentioned along the way. If information is not meant for
the public, don't put it on the Internet. Protect sensitive information
with firewalls. Make public information generic, using job titles
instead of names and reception desk phone numbers instead of personal
extensions.
Assignments
This week you need to submit Assignment 2 and Part 2 of the ongoing
course project.