Hedaia Mahmood Al-Assouli - Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks

Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks

By

Dr. Hidaia Mahmood Alassouli

Hidaia_alassouli@hotmail.com

While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks

Copyright 2021 Dr. Hidaia Mahmood Alassouli.

Written by Dr. Hidaia Mahmood Alassouli.

Reconnaissance is a set of processes and techniques (Footprinting, Scanning & Enumeration) used to covertly discover and collect information about a target system. During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible.

Footprinting refers to the process of collecting as much as information as possible about the target system to find ways to penetrate into the system. An Ethical hacker has to spend the majority of his time in profiling an organization, gathering information about the host, network and people related to the organization. Information such as ip address, Whois records, DNS information, an operating system used, employee email id, Phone numbers etc is collected.

Network scanning is used to recognize available network services, discover and recognize any filtering systems in place, look at what operating systems are in use, and to protect the network from attacks. It can also be used to determine the overall health of the network.

Enumeration is defined as the process of extracting user names, machine names, network resources, shares and services from a system. The gathered information is used to identify the vulnerabilities or weak points in system security and tries to exploit in the System gaining phase.

The objective of the report is to explain to the user Footprinting, Reconnaissance, Scanning and Enumeration techniques and tools applied to computer networks

The report contains of the following parts:

• Part A : Lab Setup
• Part B: Foot printing and Reconnaissance
• Part C: Scanning Methodology
• Part D: Enumeration

You can download all hacking tools and materials from the following websites

http://www.haxf4rall.com/2016/02/13/ceh-v9-pdf-certified-ethical-hacker-v9-courseeducatonal-materials-tools/

www.mediafire.com%2Ffolder%2Fad5szsted5end%2FEduors_Professional_Ethical_Hacker&h=gAQGad5Hf

1) Setup lab

• From the virtualization technology with software VMware or virtual box we can do more than one virtual machines, one linux and other windows 2007 or windows Xp
• Download vmware and install it
• Create folder edurs-vm in non-windows partition. Create a folder for each operating system
• Install any windows operating system.
• Download backtrack

• To install backtrack on usb, download unebootin. We need also to use the tool to support booting from flash memory in vmware.

• Download and install kali linux

• Download and install metasploit.

Metasploit is big project that contains a lot of modules or programs. These modules or programs can utilize the holes in windows machines or linux machines operating systems. For any hole that occur in the operating systems, we can develop the program that can utilize this hole. We can work on it through command line or graphical interface. The programs that use graphical interface are armitage and Koblet Strike . In linux we can update the metasploite using command msfupdate.

1)Footprinting and Reconnaissance

• Use nslookup to get information about server.
• see dnsstuf to get information about server domain .
• Use www.ip-address.com to get information about server.
• Use www.robtex.com to get information about server domain.
• Use backtack or any linux machine to know the dns servers of certain domain. For example,

Dig t NS Wikimedia.org

• Use backtack or any linux machine to know the A and MX records of certain domain. For example,

Dig t A Wikimedia.org

Dig t MX Wikimedia.org

• To see the zone transfer

Dig t AXFR Wikimedia.org @ ns1.wikimedia.org

• We can see all the records in that dns server.
• We can use the nslookup command to see the host of certain ip address

Nslookup type= ptr 31.13.81.17

• We can use who.is to know information about server , when created , and when expired and all information about that the dns servers of domain and about the administrator. You can get the same information from backtrack terminal. Write

whois Microsoft.com

• We can use tool called smartwhois to get same information.
• We can use tool called countrywhois to get information about country of a domain.
• We can use tool called lanwhois to get same information from who.is.
• There is tool called alchemy eye to make monitoring for certain services in a target server. It can check the status of certain services on a server.
• Use robots.txt file to know what is not allowed on the website. Eg www.microsoft.com/robots.txt
• To search site in google write eg, site:tedata.com filetype:pdf. You can search the following in google

Intitele: search in the title page

Inurl: search in the url page

Site: search on site

Link: other sites that links to our subject

Inanchor: search on hyperlinks

Filetype: search to see pattern yet

• There is google hacking data base. You can find exploits in www.exploit-db.com in ghdb section.
• You can use sitedigger to get the dorks of any site.
• You can use theHarvester to get the emails of certain domain. From the backtrack write for example,

#./theharvester.py d Microsoft.com l 500 b google

• You can search emails using the exploitation tools in back track. Type in the command line msfconsole

# msfconsole .

From the command msf, write

msf > search email

It will bring all modules that have emails. Take one module

Auxiliary /gather/ search_email_collector

Write

Msf> use Auxiliary /gather/ search_email_collector

Then write " info "

Msf> info

Then write " set DOMAIN Microsoft.com"

Msf> set DOMAIN Microsoft.com

Then write "run"

Msf> run

• You can use Maltego tool. When you run the program, choose company stalker, write the name of the company ie Microsoft.com. It will brings the email of the domain. Take the domain Microsoft.com, then click run transform.
• You can use piple search or facebook.
• You can use the website truecaller website to find the person of certain phone number .
• You can use metadata collector tools. Two tools used, metagofil, FOCA
• Metagofil tool is in backtrack. For example write

#/pentest/enumeration/google/metagoofilo

#./metagoofil.py d Microsoft.com - t doc,pdf -l 200 n 50 o microsoftfiles f results.com