It's Second Post

Friday, January 25, 2013 

¥ What Is Footprinting?

Footprinting is the first and most convenient way that hackers use to gather information 
about computer systems and the companies they belong to.  The purpose of footprinting to 
learn as much as you can about a system, it's remote access capabilities, its ports and 
services, and the aspects of its security.

In order to perform a successful hack on a system, it is best to know as much as you can, 
if not everything, about that system.  While there is nary a company in the world that 
isn't aware of hackers, most companies are now hiring hackers to protect their systems.  
And since footprinting can be used to attack a system, it can also be used to protect it.  
If you can find anything out about a system, the company that owns that system, with the 
right personell, can find out anything they want about you.

In this talk, I will explain what the many functions of footprinting are and what they do. 
I'll also footprint everyone's favorite website, just to see how much info we can get on 
Grifter.

¥ Open Source Footprinting

Open Source Footprinting is the easiest and safest way to go about finding information 
about a company.  Information that is available to the public, such as phone numbers, 
addresses, etc.  Performing whois requests, searching through DNS tables, and scanning 
certain IP addresses for open ports, are other forms of open source footprinting.  Most 
of this information is fairly easy to get, and getting it is legal, legal is always good.

Most companies post a shit load of information about themselves on their website.  A lot 
of this information can be very useful to hackers and the companies don't even realize it.  
It may also be helpful to skim through the webpage's HTML source  to look for comments.  
Comments in HTML code are the equivalent to the small captions under the pictures in high 
school science books.  Some comments found in the HTML can hold small tid-bits of info 
about the company, otherwise not found anywhere else.

¥ Network Enumeration

Network Enumeration is the process of identifying domain names and associated networks.  
The process is performing various queries on the many whois databases found on the 
internet.  The result is the hacker now having the information needed to attack the system 
they are learning about.  Companie's domain names are listed with registrars, and the 
hacker would simply query the registrar to obtain the information they are looking for.  
The hacker simply needs to know which registrar the company is listed with.  There are 
five types of queries which are as follows:

Labels:

0 comments:

Post a Comment

Pages (6)12345 Next
Subscribe to: Post Comments (Atom)
 
Shoppingtest © 2012 | Designed by Bubble Shooter, in collaboration with Reseller Hosting , Forum Jual Beli and Business Solutions