
Ethical Hacking – What is Footprinting and Reconnaissance

Foot-printing:
Foot-printing is a way for hackers to collect information about the users whose systems they intend to hack. With this method, hackers learn details about the target such as running services, open ports on the system, and remote access possibilities. It is the initial phase of hacking, so if it is done correctly, the attacker can gain access to the user's or victim's information easily and efficiently. Here the user is known as the Target.
Foot-printing is the first step: the cyber attacker tries to gather as much information as required and uses it to enter the target's system. The most important parts are checking how visible the target is and identifying the ways its information can be collected. If the target is an organization, the information collected may include company names, domain names, business subsidiaries, IP addresses, emails, key employees, etc.
The Foot-printing process is also known as FRONT DOOR. It gathers information such as hostnames, addresses, exposed hosts, the operating system in use and its version, applications, etc.

A few methods are used in the Foot-printing process:

  1. Port Scanning:
    This helps to determine the target's TCP and UDP ports, as well as the operating system the target uses. It also helps to understand the relationship between hosts.
  2. Google Hacking:
    The Google search engine helps to collect information about targets efficiently. The search engine has many features that let cyber attackers perform searches using advanced operators, and these uncover much more information about the targets (including sensitive information).
  3. Ping Sweep:
    This is a process used by hackers who want to know which machines are working on the target's network. Ping sends ICMP echo requests; if a device is not reachable, it shows the message "REQUEST TIMED OUT"; otherwise it waits for the reply. Pinger, SuperScan, Nmap, and Angry IP Scanner are a few tools used to perform ping sweeps.
  4. Whois lookup:
    This method can be used to collect basic database records such as domain name, IP address, block, location, etc., related to the target (organization).
    This is performed mostly on a Linux operating system.

This kind of information gathering can't be completely stopped from occurring, but the system can guard against it by following some practices, such as deleting old unused accounts, unsubscribing from unwanted mail such as spam, using protected browsers such as TOR and DuckDuckGo because they use stealth mode, using virtual private networks, and many more.

Reconnaissance:
Reconnaissance is also an important stage of the hacking process. Here the attacker collects the same kind of information as in Foot-printing, but additionally collects detailed information about the target machine's flaws and vulnerabilities, which helps in penetration testing and also in data breaches. The collected information reveals the critical vulnerabilities of the target systems or machines.
It helps reveal the most important and detailed information, such as IP addresses, subnet masks, topology, domain names, user and group names, operating system, architecture, TCP and UDP services, the number of times a password has been changed, account disable times, firewalls, telephone numbers, computer skills, designations, and more.
As a result, this process helps the hacker to hack more easily than the Foot-printing process does.
It is divided into two types: Passive Reconnaissance and Active Reconnaissance.
  • In Passive Reconnaissance, the information is gathered from openly available sources. As a number of sources are easily available, the collection process is easy. The attacker does it indirectly, without accessing the system.
  • In Active Reconnaissance, the attacker interacts with the user's computer system and collects information using techniques such as scanning and eavesdropping. This information is accurate, correct, and effective, but the activity can be detected.
Netcat and Nmap are some of the best tools for Reconnaissance. Because a connection is established and an active process is used, the information gathered is accurate and the cyber attacker can gain more detailed information; this is known as Enumeration. It has various types, such as DNS Enumeration, Windows, Linux, NTP, SNMP, and more.
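
The point above that active reconnaissance can be detected, shown from the defender's side as an added example (not from the original article): Python that flags ping sweeps and port scans in flow records by counting distinct targets per source. The record format, thresholds, and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune them to your own network's baseline.
WINDOW = 60        # seconds of history kept per source
SWEEP_HOSTS = 10   # distinct hosts pinged by one source inside WINDOW
SCAN_PORTS = 15    # distinct ports probed on one host inside WINDOW

def sample_log():
    """Constructed flow records: 'epoch_seconds src dst proto dst_port'."""
    lines = [f"{100 + i} 203.0.113.7 10.0.0.{i + 1} icmp 0" for i in range(12)]
    lines += [f"{300 + i} 198.51.100.9 10.0.0.5 tcp {20 + i}" for i in range(20)]
    # Benign traffic: a client reusing one port, a monitor pinging one gateway.
    lines += [f"{100 + 30 * i} 10.0.0.50 10.0.0.5 tcp 443" for i in range(20)]
    lines += [f"{100 + 2 * i} 10.0.0.60 10.0.0.1 icmp 0" for i in range(12)]
    return lines

def parse(line):
    ts, src, dst, proto, port = line.split()
    return int(ts), src, dst, proto.lower(), int(port)

def detect(lines):
    """Return {(kind, source, target): time the threshold was first crossed}."""
    recent = defaultdict(deque)   # source -> events still inside WINDOW
    alerts = {}
    for ts, src, dst, proto, port in sorted(parse(l) for l in lines if l.strip()):
        events = recent[src]
        events.append((ts, dst, proto, port))
        while events[0][0] <= ts - WINDOW:      # expire old events
            events.popleft()
        # Ping sweep: one source sends ICMP to many different hosts.
        pinged = {d for _, d, p, _ in events if p == "icmp"}
        if len(pinged) >= SWEEP_HOSTS:
            alerts.setdefault(("ping_sweep", src, "*"), ts)
        # Port scan: one source touches many different ports on one host.
        ports = {pt for _, d, p, pt in events if d == dst and p in ("tcp", "udp")}
        if len(ports) >= SCAN_PORTS:
            alerts.setdefault(("port_scan", src, dst), ts)
    return alerts

if __name__ == "__main__":
    for (kind, src, target), ts in detect(sample_log()).items():
        print(f"t={ts} {kind} from {src} against {target}")
```

Counting distinct hosts and ports rather than raw packet volume is what keeps the busy client and the monitoring host from raising alerts.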
A few steps to follow to prevent Enumeration are:
  1. Use the NIC database to prevent social engineering against the IT department.
  2. Configure name servers to disable DNS zone transfer for untrusted hosts and webservers for storing files. Avoid storing sensitive files on FTP, HTTP, etc.
  3. Configure SMTP servers to ignore spam mails.
  4. Disable the Server Message Block (SMB) protocol, which is used for sharing access to files, printers, etc.
  5. Use NTLM (New Technology LAN Manager) authorization to limit access to authorized users.
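
An added example for the zone-transfer step in the list above (not from the original article): Python that audits a name server configuration for zones that any host may transfer. It assumes a BIND-style `named.conf` with one `allow-transfer` statement per zone and whole-line comments; the configuration text, zone names, and addresses are constructed.

```python
import re

# Constructed named.conf fragment; zone names and addresses are examples.
SAMPLE_CONF = '''
zone "example.com" {
    type master;
    file "example.com.db";
    allow-transfer { any; };
};
zone "corp.example" {
    type master;
    file "corp.example.db";
    allow-transfer { 192.0.2.53; };
};
zone "lab.example" {
    type master;
    file "lab.example.db";
    // allow-transfer { none; };
};
'''

def block_body(text, start):
    """Return the text inside the first {...} block at or after `start`."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def audit(conf):
    """Map each zone name to open / restricted / disabled / unset."""
    conf = re.sub(r"(?m)^\s*(#|//).*$", "", conf)   # drop whole-line comments
    findings = {}
    for zone in re.finditer(r'zone\s+"([^"]+)"', conf):
        acl = re.search(r"allow-transfer\s*\{([^}]*)\}", block_body(conf, zone.end()))
        if acl is None:
            status = "unset"        # inherits options/default: review by hand
        else:
            entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
            if "any" in entries:
                status = "open"     # any host may request the zone
            elif entries == ["none"]:
                status = "disabled"
            else:
                status = "restricted"
        findings[zone.group(1)] = status
    return findings

if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONF).items():
        print(f"{name}: allow-transfer {status}")
```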

Updates on Latest Cyber Attack on an Application:

Cash App:

Cash App is a mobile payment service available in the United States and the United Kingdom that allows users to transfer money to one another using a mobile phone app. The cyber-attack in this case didn't come from a previously unknown digital vulnerability. Instead, it was carried out by a former employee of the company who had accessed the company's server and sent the users' details outside the organization.
Sensitive information of 8+ million users was shared on open public forums by the attackers. However, this information wasn't sufficient to access users' bank accounts or to take money from their accounts.

Such data and information security breaches are becoming increasingly common across the globe and cause extreme damage to companies. To avert such attacks, companies are hiring cyber security professionals to help protect their data and IT infrastructure from being hacked by cyber criminals. The Offensive Defense Certified Professional – Blue (ODCP-B) program by Offensive Defense is designed to develop and reinforce cyber security skills to get you ready for such challenging and high-paying roles. Know more at https://offdef.com/brochure/.


Copyright © 2023 offdef.com 
