ceh v8 labs module 02 footprinting and reconnaissance

CEH Lab Manual Footprinting and Reconnaissance Module 02

Upload: mehrdad-jingoism

Post on 19-Jan-2015


TRANSCRIPT

1. CEH Lab Manual: Footprinting and Reconnaissance, Module 02

2. Module 02 - Footprinting and Reconnaissance

Footprinting a Target Network

Footprinting refers to uncovering and collecting as much information as possible regarding a target network.

Lab Scenario

Penetration testing is much more than just running exploits against vulnerable systems like we learned about in the previous module. In fact, a penetration test begins before penetration testers have even made contact with the victim systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to a victim system, or at the very least make the victim un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the victim network with no preparation.

Lab Objectives

The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
- IP address range associated with the target
- Purpose of the organization and why it exists
- How big is the organization?
- What class is its assigned IP block?
- Does the organization freely provide information on the type of operating systems employed and network topology in use?
- Type of firewall implemented, either hardware or software or a combination of both
- Does the organization allow wireless devices to connect to wired networks?
- Type of remote access used, either SSH or VPN
- Is help sought on IT positions that give information on network services provided by the organization?

CEH Lab Manual Page 2
Ethical Hacking and Countermeasures Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

- Identify organization's users who can disclose their personal information that can be used for social engineering, and assume such possible usernames

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

This lab requires:
- Windows Server 2012 as host machine
- A web browser with an Internet connection
- Administrative privileges to run tools

Lab Duration

Time: 50 Minutes

Overview of Footprinting

Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy. After pre-engagement activities, penetration testers begin gathering information about their targets. Often all the information learned from a client is the list of IP addresses and/or web domains that are in scope. Penetration testers then learn as much about the client and their systems as possible, from searching for employees on social networking sites to scanning the perimeter for live systems and open ports.
Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. This is similar to what an attacker would do or what an invading army would do when trying to breach the perimeter. Then penetration testers move into vulnerability analysis, the first phase where they are actively engaging the target. Some might say some port scanning does complete connections. However, as cybercrime rates rise, large companies, government organizations, and other popular sites are scanned quite frequently. During vulnerability analysis, a penetration tester begins actively probing the victim systems for vulnerabilities and additional information. Only once a penetration tester has a full view of the target does exploitation begin. This is where all of the information that has been meticulously gathered comes into play, allowing you to be nearly 100% sure that an exploit will succeed. Once a system has been successfully compromised, the penetration test is over, right? Actually, that's not right at all. Post exploitation is arguably the most important part of a penetration test. Once you have breached the perimeter there is a whole new set of information to gather. You may have access to additional systems that are not available from the perimeter. The penetration test would be useless to a client without reporting. You should take good notes during the other phases, because during reporting you have to tie everything you found together in a way everyone from the IT department who will be remediating the vulnerabilities to the business executives who will be approving the budget can understand.

TASK 1: Overview

Lab Tasks

Pick an organization that you feel is worthy of your attention.
This could be an educational institution, a commercial company, or perhaps a nonprofit charity. Recommended labs to assist you in footprinting:
- Basic Network Troubleshooting Using the ping Utility and nslookup Tool
- People Search Using AnyWho and Spokeo Online Tool
- Analyzing Domain and IP Address Queries Using SmartWhois
- Network Route Trace Using Path Analyzer Pro
- Tracing Emails Using eMailTrackerPro Tool
- Collecting Information About a Target's Website Using Firebug
- Mirroring Website Using HTTrack Web Site Copier Tool
- Extracting Company's Data Using Web Data Extractor
- Identifying Vulnerabilities and Information Disclosures Using Search Diggity in Search Engines

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure through public and free information.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Lab 1: Footprinting a Target Network Using the Ping Utility

Ping is a computer network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.

Lab Scenario

As a professional penetration tester, you will need to check for the reachability of a computer in a network. Ping is one of the utilities that will allow you to gather important information like IP address, maximum packet frame size, etc.
about the network computer to aid in a successful penetration test.

Lab Objectives

This lab provides insight into the ping command and shows how to gather information using the ping command. The lab teaches how to:
- Use ping
- Emulate the tracert (traceroute) command with ping
- Find maximum frame size for the network
- Identify ICMP type and code for echo request and echo reply packets

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

To carry out this lab you need:
- Administrative privileges to run tools
- TCP/IP settings correctly configured and an accessible DNS server

This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration

Time: 10 Minutes

Overview of Ping

PING stands for Packet Internet Groper. The ping command sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP response.

Ping command syntax: ping [-q] [-v] [-R] [-c Count] [-i Wait] [-s PacketSize] Host
During this request/response process, ping measures the time from transmission to reception, known as the round-trip time, and records any loss of packets.

Lab Tasks

1. Find the IP address for http://www.certifiedhacker.com
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
   FIGURE 1.1: Windows Server 2012 Desktop view
TASK 1: Locate IP Address
3. Click the Command Prompt app to open the command prompt window
   FIGURE 1.2: Windows Server 2012 Apps
4. Type ping www.certifiedhacker.com in the command prompt, and press Enter to find out its IP address
5. The displayed response should be similar to the one shown in the following screenshot
   For the command ping -c count, specify the number of echo requests to send.
   The ping command, ping wait, means wait time, that is, the number of seconds to wait between each ping.

   C:\>ping www.certifiedhacker.com
   Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
   Request timed out.
   Reply from 202.75.54.101: bytes=32 time=267ms TTL=113
   Reply from 202.75.54.101: bytes=32 time=288ms TTL=113
   Reply from 202.75.54.101: bytes=32 time=525ms TTL=113
   Ping statistics for 202.75.54.101:
       Packets: Sent = 4, Received = 3, Lost = 1
   FIGURE 1.3: The ping command to extract the IP address for www.certifiedhacker.com
6. You receive the IP address of www.certifiedhacker.com, that is 202.75.54.101. You also get information on Ping Statistics, such as packets sent, packets received, packets lost, and Approximate round-trip time.
7. Now, find out the maximum frame size on the network.
8. In the command prompt, type ping www.certifiedhacker.com -f -l 1500
TASK 2: Finding Maximum Frame Size
   Request timed out is displayed because either the machine is down or it implements a packet filter/firewall.

   C:\>ping www.certifiedhacker.com -f -l 1500
   Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data:
   Packet needs to be fragmented but DF set.
   Packet needs to be fragmented but DF set.
   Packet needs to be fragmented but DF set.
   Packet needs to be fragmented but DF set.
   Ping statistics for 202.75.54.101:
       Packets: Sent = 4, Received = 0, Lost = 4
   FIGURE 1.4: The ping command with the -f and -l options

   D:\>ping www.certifiedhacker.com -i 4 -n 1
   Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
   Reply from 121.240.252.1: TTL expired in transit.
   Ping statistics for 202.75.54.101:
       Packets: Sent = 1, Received = 1, Lost = 0
   FIGURE 1.5: The ping command with the -i (TTL) and -n options

Lab 2: Footprinting a Target Network Using nslookup

nslookup runs in non-interactive mode when the first argument is the internet address of the host being searched; parameters and the query are then specified as command line arguments in the invocation of the program. The non-interactive mode searches the information for the specified host using the default name server. With nslookup you will receive either a non-authoritative or an authoritative answer. You receive a non-authoritative answer because, by default, nslookup asks your name server to recurse in order to resolve your query, and because your name server is not an authority for the name you are asking it about.
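The ping steps above and the authoritative/non-authoritative distinction just described, as an added example that is not part of the EC-Council lab manual: a Python script that interprets the Windows ping output shown in the figures (resolved IP, losses, the "needs to be fragmented but DF set" message produced by -f -l, the "TTL expired in transit" reply produced by -i), finds the largest unfragmented -l payload by binary search instead of the manual's single 1500-byte try, and classifies an nslookup answer as authoritative or not. All sample output is constructed; the probe is simulated offline rather than sending ICMP; authoritative-ns.example.invalid is a placeholder name.

```python
import re

# Constructed samples for this example, modelled on the lab's Windows ping and
# nslookup transcripts (Figures 1.3 to 1.5 and 2.4); not the manual's own text.
PING_RESOLVE = """\
Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
Request timed out.
Reply from 202.75.54.101: bytes=32 time=267ms TTL=113
Reply from 202.75.54.101: bytes=32 time=288ms TTL=113
Reply from 202.75.54.101: bytes=32 time=525ms TTL=113
Ping statistics for 202.75.54.101:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""
PING_DF = """\
Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Ping statistics for 202.75.54.101:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
"""
PING_TTL = """\
Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
Reply from 121.240.252.1: TTL expired in transit.
Ping statistics for 202.75.54.101:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
"""
NSLOOKUP_A = """\
Server:  ns1.beamnet.in
Address:  202.53.8.8
Non-authoritative answer:
Name:    www.certifiedhacker.com
Address:  202.75.54.101
"""
# The same query answered by a server authoritative for the zone carries no banner
# (the server name below is a placeholder, not a real name server).
NSLOOKUP_AUTH = """\
Server:  authoritative-ns.example.invalid
Address:  192.0.2.53
Name:    www.certifiedhacker.com
Address:  202.75.54.101
"""

def parse_ping(output):
    """Summarise Windows ping output: resolved IP, replies, losses, DF and TTL signals."""
    head = re.search(r"Pinging (\S+) \[([\d.]+)\] with (\d+) bytes", output)
    if not head:
        raise ValueError("not Windows ping output")
    info = {"host": head.group(1), "ip": head.group(2), "size": int(head.group(3))}
    info["replies"] = [(ip, int(ms), int(ttl)) for ip, ms, ttl in re.findall(
        r"Reply from ([\d.]+): bytes=\d+ time=(\d+)ms TTL=(\d+)", output)]
    # With -i TTL the router that discards the probe answers: that is the tracert emulation.
    info["ttl_expired_at"] = re.findall(r"Reply from ([\d.]+): TTL expired in transit", output)
    # -f sets Don't Fragment, so this message means the -l size exceeded the path MTU.
    info["needs_fragmentation"] = "needs to be fragmented but DF set" in output
    info["timeouts"] = output.count("Request timed out.")
    stats = re.search(r"Sent = (\d+), Received = (\d+), Lost = (\d+)", output)
    info["sent"], info["received"], info["lost"] = map(int, stats.groups())
    return info

IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header (assumes no IP options)

def max_unfragmented_payload(probe, lo=0, hi=1500):
    """Binary-search the largest 'ping -f -l SIZE' payload the path carries unfragmented.
    probe(size) is True on an echo reply, False on 'needs to be fragmented'; -1 if none fits."""
    best = -1
    while lo <= hi:
        mid = (lo + hi) // 2
        if probe(mid):
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best

def simulated_probe(path_mtu):
    """Offline stand-in for a real ping: the frame fits iff payload + headers <= path MTU."""
    return lambda payload: payload + IPV4_ICMP_OVERHEAD <= path_mtu

def parse_nslookup(output):
    """Extract the answering server and whether its A answer is authoritative."""
    info = {"server": None, "server_ip": None, "authoritative": None, "names": [], "addresses": []}
    in_answer = False  # 'Address:' lines before the answer describe the server itself
    for line in (raw.strip() for raw in output.splitlines()):
        if line.startswith("Server:"):
            info["server"] = line.split(":", 1)[1].strip()
        elif line.startswith("Address:") and not in_answer:
            info["server_ip"] = line.split(":", 1)[1].strip()
        elif line == "Non-authoritative answer:":  # resolver recursed; it does not own the zone
            info["authoritative"], in_answer = False, True
        elif line.startswith("Name:"):
            in_answer = True
            info["names"].append(line.split(":", 1)[1].strip())
        elif line.startswith("Address:"):
            info["addresses"].append(line.split(":", 1)[1].strip())
    if in_answer and info["authoritative"] is None:
        info["authoritative"] = True  # answer present and no banner: server owns the zone
    return info
```

With a 1500-byte path MTU the search returns 1472, the familiar largest payload that ping -f accepts on Ethernet; a lower result points at a tunnel or PPPoE link somewhere on the path.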
You can get an authoritative answer by querying the authoritative name server for the domain you are interested in.

Lab Tasks

1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop
TASK 1: Extract Information
   FIGURE 2.1: Windows Server 2012 Desktop view
2. Click the Command Prompt app to open the command prompt window
   FIGURE 2.2: Windows Server 2012 Apps
3. In the command prompt, type nslookup, and press Enter
   The general command syntax is nslookup [-option] [name | -] [server].
4. Now, type help and press Enter. The displayed response should be similar to the one shown in the following figure
   Typing "help" or "?" at the command prompt generates a list of available commands.

   C:\>nslookup
   Default Server: ns1.beamnet.in
   Address: 202.53.8.8

   > help
   Commands:   (identifiers are shown in uppercase, [] means optional)
   NAME            - print info about the host/domain NAME using default server
   NAME1 NAME2     - as above, but use NAME2 as server
   help or ?
                   - print info on common commands
   set OPTION      - set an option
       all             - print options, current server and host
       [no]debug       - print debugging information
       [no]d2          - print exhaustive debugging information
       [no]defname     - append domain name to each query
       [no]recurse     - ask for recursive answer to query
       [no]search      - use domain search list
       [no]vc          - always use a virtual circuit
       domain=NAME     - set default domain name to NAME
       srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
       root=NAME       - set root server to NAME
       retry=X         - set number of retries to X
       timeout=X       - set initial time-out interval to X seconds
       type=X          - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
       querytype=X     - same as type
       class=X         - set query class
   ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
       -a              - list canonical names and aliases
       -d              - list all records
       -t TYPE         - list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
   view FILE       - sort an 'ls' output file and view it with pg
   exit            - exit the program
   FIGURE 2.3: The nslookup command with help option
5. In the nslookup interactive mode, type set type=a and press Enter
6. Now, type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure
   Note: The DNS server address (202.53.8.8) will be different from the one shown in the screenshot
   FIGURE 2.4: In nslookup command, set type=a option
TASK 2: Elicit Authoritative
7. You get either an Authoritative or a Non-authoritative answer.
The answer varies; in this lab, it is a Non-authoritative answer.
8. In nslookup interactive mode, type set type=cname and press Enter
9. Now, type certifiedhacker.com and press Enter
   Note: The DNS server address (8.8.8.8) will be different than the one in the screenshot
10. The displayed response should be similar to the one shown as follows:

   > set type=cname
   > certifiedhacker.com
   Server:  google-public-dns-a.google.com
   Address:  8.8.8.8
   (The screenshot then lists the zone's SOA fields: primary name server, responsible mail addr, serial, refresh, retry, expire, default TTL.)
   FIGURE 2.5: In nslookup command, set type=cname option
TASK 3: Find Cname
11. In nslookup interactive mode, type server 64.147.99.90 (or any other IP address you received in the previous step) and press Enter.
12. Now, type set type=a and press Enter.
13. Type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.
   In the nslookup command, the root option means to set the current default server to the root.
   FIGURE 2.6: In nslookup command, set type=a option
14. If you receive a request timed out message, as shown in the previous figure, then your firewall is preventing you from sending DNS queries outside your LAN.
15. In nslookup interactive mode, type set type=mx and press Enter.
16. Now, type certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.
   To make query type of NS a default option for your nslookup commands, place one of the following statements in the user_id.NSLOOKUP.ENV data set: set querytype=ns or querytype=ns.
   FIGURE 2.7: In nslookup command, set type=mx option

Lab Analysis

Document all the IP addresses, DNS server names, and other DNS information.

Tool/Utility: nslookup
Information Collected/Objectives Achieved:
- DNS Server Name: 202.53.8.8
- Non-Authoritative Answer: 202.75.54.101
- CNAME (Canonical Name of an alias): Alias: certifiedhacker.com; Canonical name: google-public-dns-a.google.com
- MX (Mail Exchanger): mail.certifiedhacker.com

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Analyze and determine each of the following DNS resource records: SOA, A, PTR, CNAME, MX, NS, SRV
2. Evaluate the difference between an authoritative and a non-authoritative answer.
3. Determine when you will receive request timeout in nslookup.

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs

People Search Using the AnyWho Online Tool

AnyWho is an online white pages people search directory for quickly looking up individual phone numbers.

Lab Scenario

You have already learned that the first stage in penetration testing is to gather as much information as possible. In the previous lab, you were able to find information related to DNS records using the nslookup tool. If an attacker discovers a flaw in a DNS server, he or she will exploit the flaw to perform a cache poisoning attack, making the server cache the incorrect entries locally and serve them to other users that make the same request.
As a penetration tester, you must always be cautious and take preventive measures against attacks targeted at a name server by securely configuring name servers to reduce the attacker's ability to corrupt a zone file with the amplification record. To begin a penetration test it is also important to gather information about a user location to intrude into the user's organization successfully. In this particular lab, we will learn how to locate a client or user location using the AnyWho online tool.

Lab Objectives

The objective of this lab is to demonstrate the footprinting technique to collect confidential information on an organization, such as their key personnel and their contact details, using people search services. Students need to perform a people search and phone number lookup using http://www.anywho.com.

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

In the lab, you need:
- A web browser with an Internet connection
- Administrative privileges to run tools

This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration

Time: 5 Minutes

Overview of AnyWho

AnyWho is a part of the AT&T family of brands, which mostly focuses on local searches for products and services.
The site lists information from the White Pages (Find a Person/Reverse Lookup) and the Yellow Pages (Find a Business).

Lab Tasks

1. Launch the Start menu by hovering the mouse cursor on the lower-left corner of the desktop
   AnyWho allows you to search for local businesses by name to quickly find their Yellow Pages listings with basic details and maps, plus any additional time and money-saving features, such as coupons, video profiles or online reservations.
   FIGURE 3.1: Windows Server 2012 Desktop view
2. Click the Google Chrome app to launch the Chrome browser, or launch any other browser
   FIGURE 3.2: Windows Server 2012 Apps
TASK 1: People Search with AnyWho
3. In the browser, type http://www.anywho.com, and press Enter on the keyboard
   (AnyWho search page and people search result screenshots; the screenshot text is not recoverable from this transcript.)
   FIGURE 3.5: AnyWho People Search Results
TASK 2: Viewing Person Information
6. Click the search results to see the address details and phone number of that person
   The search results display address, phone number and directions for the location.
   FIGURE 3.6: AnyWho - Detail Search Result of Rose A Christian
7. Similarly, perform a reverse search by giving a phone number or address in the Reverse Lookup field
   The Reverse Phone Lookup service allows visitors to enter in a phone number and immediately lookup who it is registered to.
   AnyWho's Reverse Phone Lookup service allows visitors to enter a phone number and immediately lookup who it is registered to. Perhaps you missed an incoming phone call and want to know who it is before you call back.
   Type the phone number into the search box and we'll perform a white pages reverse lookup search to find out exactly who it is registered to. If we have a match for the phone number we'll show you the registrant's first and last name, and mailing address. If you want to do a reverse phone lookup for a business phone number then check out Reverse Lookup at YP.com. Cell phone numbers are not available.
   FIGURE 3.7: AnyWho Reverse Lookup Page
   Reverse lookup will redirect you to the search result page with the detailed information of the person for the particular phone number or email address.
   Unpublished directory records are not displayed. If you want your residential listing removed, you have a couple of options: To have your listing unpublished, contact your local telephone company.
   To have your listing removed from AnyWho without obtaining an unpublished telephone number, follow the instructions provided in AnyWho Listing Removal to submit your listing for removal.
   FIGURE 3.8: AnyWho - Reverse Lookup Search Result

Lab Analysis

Analyze and document all the results discovered in the lab exercise.

Tool/Utility: AnyWho
Information Collected/Objectives Achieved:
- White Pages (Find people by name): Exact location of a person with address and phone number
- Get Directions: Precise route to the address found for a person
- Reverse Lookup (Find people by phone number): Exact location of a person with complete address

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Can you collect all the contact details of the key people of any organization?
2. Can you remove your residential listing? If yes, how?
3. If you have an unpublished listing, why does your information show up in AnyWho?
4. Can you find a person in AnyWho that you know has been at the same location for a year or less? If yes, how?
5. How can a listing be removed from AnyWho?

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs

People Search Using the Spokeo Online Tool

Spokeo is an online people search tool providing real-time information about people. This tool helps with online footprinting and allows you to discover details about people.

Lab Scenario

For a penetration tester, it is always advisable to collect all possible information about a client before beginning the test. In the previous lab, we learned about collecting people information using the AnyWho online tool; similarly, there are many tools available that can be used to gather information on people, employees, and organizations to conduct a penetration test. In this lab, you will learn to use the Spokeo online tool to collect confidential information of key persons in an organization.

Lab Objectives

The objective of this lab is to demonstrate the footprinting techniques to collect people information using people search services.
Students need to perform a people search using http://www.spokeo.com.

Lab Environment
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance.
In the lab, you need:
- A web browser with an Internet connection
- Administrative privileges to run tools
This lab will work in the CEH lab environment on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7.

Lab Duration
Time: 5 Minutes

Overview of Spokeo
Spokeo aggregates vast quantities of public data and organizes the information into easy-to-follow profiles. Information such as name, email address, phone number, address, and user name can be easily found using this tool.

Lab Tasks
TASK 1: People Search
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop.

Figure 4.1: Windows Server 2012 Desktop view

2. Click the Google Chrome app to launch the Chrome browser.

Spokeo's people search allows you to find old friends, reunite with classmates, teammates and military buddies, or find lost and distant family.
Figure 4.2: Windows Server 2012 - Apps

3. Open a web browser, type http://www.spokeo.com, and press Enter on the keyboard.

Apart from Name search, Spokeo supports four other types of searches: Email Address, Phone Number, Username, and Residential Address.

Figure 4.3: Spokeo home page http://www.spokeo.com

4. To begin the search, input the name of the person you want to search for in the Name field and click Search.

Figure 4.4: Spokeo Name Search

5. Spokeo redirects you to the search results for the name you have entered.

Spokeo's email search scans through 90+ social networks and public sources to find the owner's name, photos, and public profiles.

Figure 4.5: Spokeo People Search Results
Figure 4.6: Spokeo People Search Results

Public profiles from social networks are aggregated in Spokeo and in many other places, including search engines.

Figure 4.7: Spokeo People Search Results

8. Search results displaying the ...

Figure 4.10: Spokeo People Search Results

Online maps and street view are used by over 300,000 websites, including most online phone books and real estate websites.

11. Spokeo search results display the Neighborhood for the search done.

Figure 4.11: Spokeo People Search Results

12. Similarly, perform a Reverse search by giving a phone number, address, email address, etc. in the Search field to find details of a key person or an organization.

Spokeo's reverse phone lookup functions like a personal caller-ID system. Spokeo's reverse phone number search aggregates hundreds of millions of phone book ...

... format for such batch files is simple: each line must begin with an IP address, hostname, or domain.
If you want to process domain names, they must be located in a separate file from IP addresses and hostnames.

Figure 5.6: The SmartWhois Domain query result (registrant, administrative and technical contacts of google.com: DNS Admin, Google Inc., 1600 Amphitheatre Parkway, Mountain View CA 94043, United States, dns-admin@google.com; name servers ns3.google.com and ns4.google.com)

8. Click the Clear icon in the toolbar to clear the history.

Figure 5.7: A SmartWhois toolbar

TASK: Host Name Query
9. To perform a sample host name query, type www.facebook.com.

10. Click the Query tab, then select As IP/Hostname and enter the hostname in the IP, host or domain field.

Figure 5.8: A SmartWhois hostname query

11. The result displays in the left pane of the window, and the text area in the right pane displays the results of your query.

If you want to query a domain registration database, enter a domain name and hit the Enter key while holding the Ctrl key, or just select As Domain from the Query dropdown.
Figure 5.9: A SmartWhois hostname query result (registrant, administrative and technical contacts of facebook.com: Domain Administrator, Facebook, Inc., Willow Road, Menlo Park CA 94025, United States, domain@fb.com; name servers ns3.facebook.com and ns5.facebook.com)

If you are saving results as a text file, you can specify the data fields to be saved. For example, you can exclude name servers or billing contacts from the output file. Click Settings > Options > Text & XML to configure the options.

12. Click the Clear icon in the toolbar to clear the history.

13. To perform a sample IP Address query, type the IP address 10.0.0.3 (the Windows 8 machine's IP address) in the IP, host or domain field.

Figure 5.10: A SmartWhois IP address query

14. The result displays in the left pane of the window, and the text area in the right pane displays the results of your query. Because 10.0.0.3 is a private (RFC 1918) address, no registry can tell you who is using it: the record returned is the IANA reserved block 10.0.0.0/8, as Figure 5.11 shows. Only public addresses are worth querying.
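What SmartWhois displays in steps 8 to 14 is a parsed whois record. The following Python, added here as an example and not part of the lab manual or of SmartWhois, does the same work offline: it parses a constructed whois record (modelled on the layout of Figure 5.6, with invented example.com data, not a live response) into fields, pulls out the contact addresses that feed the module's social-engineering objective, and checks whether a target is worth sending to a registry at all, since a private address such as 10.0.0.3 only returns the IANA reserved block. The whois_query function performs a live RFC 3912 lookup over TCP port 43 against whois.iana.org and needs network access; it is not exercised offline.

```python
import ipaddress
import re
import socket

# Constructed sample in the key: value layout registries return; modelled on Figure 5.6, not captured.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrant Name: DNS Admin
Registrant Organization: Example Inc.
Registrant Street: 1 Example Way
Registrant City: Anytown
Registrant Email: dns-admin@example.com
Admin Email: dns-admin@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
Registrar Abuse Contact Email: abuse@registrar.example
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def parse_whois(text):
    """Turn 'Key: Value' whois lines into a dict; keys that repeat (name servers) become lists."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith(("%", "#", ">>>")):  # comments and the legal footer
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key in fields:
            if not isinstance(fields[key], list):
                fields[key] = [fields[key]]
            fields[key].append(value)
        else:
            fields[key] = value
    return fields


def contacts(fields):
    """Every e-mail address in the record: the people (and role accounts) a phishing pretext would target."""
    emails = set()
    for value in fields.values():
        for item in (value if isinstance(value, list) else [value]):
            emails.update(EMAIL_RE.findall(item))
    return sorted(emails)


def worth_querying(target):
    """False for private, loopback and other non-routable addresses: the registry would only return the
    IANA reserved block (Figure 5.11). Hostnames and domains are always worth a query."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return True
    return addr.is_global


def whois_query(target, server="whois.iana.org", timeout=10):
    """RFC 3912: send the query plus CRLF on TCP/43 and read until the server closes the connection.
    Needs network access; the server used is an assumption (IANA refers you to the right registry)."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(target.encode() + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")
```

Run parse_whois on the text that whois_query returns for a public target; the parser is tolerant of the extra comment lines registries add, and contacts gives the list to hand to the social-engineering part of the engagement.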
SmartWhois supports command line parameters specifying the IP address/hostname/domain, as well as files to be opened/saved.

Figure 5.11: The SmartWhois IP query result (10.0.0.0 - 10.255.255.255, Internet Assigned Numbers Authority, Marina del Rey CA; PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED, updated 2004-02-24, source whois.arin.net; processing time 0.14 seconds)

Lab Analysis
Document all the IP addresses/hostnames for the lab for further information.

Tool/Utility: SmartWhois
Information Collected/Objectives Achieved:
- Domain name query results: owner of the website
- Host name query results: geographical location of the hosted website
- IP address query results: owner of the IP address block

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Determine whether you can use SmartWhois if you are behind a firewall or a proxy server.
2. Why do you get "Connection timed out" or "Connection failed" errors?
3. Is it possible to call SmartWhois directly from my application? If yes, how?
4. What are LOC records, and are they supported by SmartWhois?
5. When running a batch query, you get only a certain percentage of the domains/IP addresses processed. Why are some of the records unavailable?

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs

Network Route Trace Using Path Analyzer Pro

Path Analyzer Pro delivers advanced network route tracing with performance tests, DNS, whois, and network resolution to investigate network issues.

Lab Scenario
The information found in the previous lab (IP address, hostname, domain, etc.) tells a penetration tester which address blocks belong to the organization and who operates them. Tracing the route to those addresses then shows how the organization's network is reached from the Internet, which upstream providers and filtering devices sit in the path, and where possible weaknesses lie. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. The same tasks can be performed by an attacker, and the results can prove very damaging to an organization. As a penetration tester you should therefore be competent to trace a network route, determine a network path, and troubleshoot network issues.
Here you will be guided to trace the network route using the tool Path Analyzer Pro.

Lab Objectives
The objective of this lab is to help students research email addresses, network paths, and IP addresses. This lab helps to determine what ISP, router, or servers are responsible for a network problem.

Lab Environment
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance.
In the lab you need:
- Path Analyzer Pro, located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Traceroute Tools\Path Analyzer Pro
- You can also download the latest version of Path Analyzer Pro from http://www.pathanalyzer.com/download.opp. If you decide to download the latest version, the screenshots shown in the lab might differ.
- Install this tool on Windows Server 2012: double-click PAPro27.msi and follow the wizard-driven installation.
- Administrator privileges to run Path Analyzer Pro

Lab Duration
Time: 10 Minutes

Overview of Network Route Trace
Traceroute is a computer network tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network. The traceroute tool is available on almost all Unix-like operating systems.
Variants with similar functionality, such as tracepath on modern Linux installations and tracert on Microsoft Windows operating systems, are also available. Traceroute is a system administrator's utility to trace the route IP packets take from a source system to some destination system. It works by sending probes with increasing IP Time to Live (TTL) values: each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, which reveals that router's address and the round-trip time to it.

Lab Tasks
1. Follow the wizard-driven installation steps to install Path Analyzer Pro.
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop.

Figure 6.1: Windows Server 2012 Desktop view

3. To launch Path Analyzer Pro, click Path Analyzer Pro in the Start apps.

Path Analyzer Pro summarizes a given trace ...

Figure 6.3: The Path Analyzer Pro Main window (Target and Port fields; Standard Options: Protocol ICMP/TCP/UDP, NAT-friendly, Source Port, Tracing Mode Default/Adaptive/FIN Packets Only; Advanced Probe Details: Length of packet, Lifetime, Type-of-Service, Maximum TTL, Initial Sequence Number; Report, Synopsis, Charts, Geo, Log and Stats tabs)

FIN-Packets Only generates only TCP packets with the FIN flag set in order to solicit an RST (TCP reset) packet as a response from the target. This option may get beyond a firewall at the target, thus giving the user more trace data, but it could be misconstrued as a malicious attack.

6. Select the ICMP protocol in the Standard Options section.
Figure 6.4: The Path Analyzer Pro Standard Options (Protocol: ICMP, TCP, UDP; NAT-friendly; Source Port: Random, 65535; Tracing Mode: Default, Adaptive, FIN Packets Only)

Path Analyzer Pro summarizes all the relevant background information on its target, be it an IP address, a hostname, or an email address.

7. Under Advanced Probe Details, check the Smart option in the Length of packet section and leave the rest of the options in this section at their default settings.

Note: The firewall on the tracing host must be disabled, or configured to let the returning ICMP Time Exceeded and Echo Reply messages in, for appropriate output; otherwise hops that did answer are reported as "No reply".

Path Analyzer Pro benefits:
- Research IP addresses, email addresses, and network paths
- Pinpoint and troubleshoot network availability and performance issues
- Determine what ISP, router, or server is responsible for a network problem
- Locate firewalls and other filters that may be impacting connections
- Visually analyze a network's path characteristics
- Graph protocol latency, jitter, and other factors
- Trace actual applications and ports, not just IP hops
- Generate, print, and export a variety of impressive reports
- Perform continuous and timed tests with real-time reporting and history

Figure 6.5: The Path Analyzer Pro Advanced Probe Details window (Length of packet: Smart, 64; Lifetime: 300 milliseconds; Type-of-Service: Unspecified or Minimize-Delay; Maximum TTL: 30 hops; Initial Sequence Number: Random)

8. In the Advanced Tracing Details section, the options remain at their default settings.
9. Check Stop on control messages (ICMP) in the Advanced Tracing Details section.

Figure 6.6: The Path Analyzer Pro Advanced Tracing Details window (Work-ahead Limit in TTLs; Minimum Scatter in milliseconds; Probes per TTL, Minimum and Maximum; Stop on control messages (ICMP))

10. To perform the trace after checking these options, select the target host, for instance www.google.com, and leave the Port set to Smart, the default (65535).

Figure 6.7: A Path Analyzer Pro Advanced Tracing Details option

Note: Path Analyzer Pro is not designed to be used as an attack tool.

11. In the drop-down menu next to Trace, select Timed Trace.

Figure 6.8: A Path Analyzer Pro Advanced Tracing Details option

12. Enter the time of trace in the previously mentioned format, HH:MM:SS.
Figure 6.9: The Path Analyzer Pro Type time of trace option (Time of trace (hh:mm:ss); Accept, Cancel)

TASK 2: Trace Reports
13. While Path Analyzer Pro performs this trace, the Trace button changes automatically to Stop.

Figure 6.10: A Path Analyzer Pro Target Option

14. To see the trace results, click the Report tab to display a linear chart depicting the number of hops between you and the target.

The Advanced Probe Details settings determine how probes are generated to perform the trace. These include the Length of packet, Lifetime, Type of Service, Maximum TTL, and Initial Sequence Number.

Figure 6.11: A Path Analyzer Pro Target option (Report tab: a per-hop table with Hop, IP Address, Hostname, ASN, Network Name, % loss, Min/Avg/Max Latency and StdDev; in the sample trace no reply packets were received from TTLs 1 through 2 or from TTL 5, and the final hops belong to AS15169, GOOGLE)

15. Click the Synopsis tab, which displays a one-page summary of your trace results.
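The Report and Stats tabs compute their per-hop figures from the raw probe replies. The same arithmetic applied to a plain tracert listing, as an added Python example that is not part of the lab manual or of Path Analyzer Pro: it parses a constructed tracert-style output (the Windows format, invented hops on RFC 5737 addresses, not a real capture), reports min/avg/max/stddev latency and loss per hop, lists the TTLs that never replied (the "No reply" hops that a firewall or a rate-limiting router produces) and finds the largest latency jump between consecutive hops, which usually marks the long-haul link or the filtering device in the path. Paste the output of tracert on your own host into SAMPLE_TRACE to analyze a real path.

```python
import re
from statistics import mean, pstdev

# Constructed tracert-style listing in the format Windows prints (invented hops, RFC 5737 addresses).
SAMPLE_TRACE = """\
Tracing route to target.example [192.0.2.80]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    14 ms  203.0.113.1
  4    13 ms    12 ms    12 ms  203.0.113.17
  5    48 ms    47 ms    51 ms  198.51.100.9
  6    49 ms     *       48 ms  192.0.2.80

Trace complete.
"""

# hop number, then exactly three probe results ("<1 ms", "12 ms" or "*"), then the replying host
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")
PROBE_RE = re.compile(r"(<?\d+) ms|\*")


def parse_trace(text):
    """One dict per TTL: the replying address and the three RTTs in ms (None where the probe got no answer)."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [int(p.group(1).lstrip("<")) if p.group(1) else None
                for p in PROBE_RE.finditer(m.group(2))]
        hops.append({"ttl": int(m.group(1)), "addr": m.group(3), "rtts": rtts})
    return hops


def hop_stats(hops):
    """Per-hop loss and latency, the figures the Report tab shows: % loss, min/avg/max and standard deviation."""
    rows = []
    for hop in hops:
        answered = [r for r in hop["rtts"] if r is not None]
        row = {"ttl": hop["ttl"], "addr": hop["addr"],
               "loss_pct": round(100 * (len(hop["rtts"]) - len(answered)) / len(hop["rtts"]))}
        if answered:
            row.update({"min": min(answered), "avg": round(mean(answered), 2),
                        "max": max(answered), "stddev": round(pstdev(answered), 2)})
        rows.append(row)
    return rows


def silent_hops(rows):
    """TTLs that never answered ("No reply" in Path Analyzer Pro): a router that does not send ICMP Time
    Exceeded, a rate-limited one, or a firewall dropping the probes. A silent hop in the middle of an
    otherwise healthy path is not loss towards the target, so do not report it as such."""
    return [r["ttl"] for r in rows if r["loss_pct"] == 100]


def largest_latency_jump(rows):
    """(ttl, delta_ms) of the biggest rise in average latency between consecutive answering hops:
    usually the long-haul link, or a device that answers slowly because it handles the probe in software."""
    answered = [r for r in rows if "avg" in r]
    worst_ttl, worst_delta = None, 0.0
    for prev, cur in zip(answered, answered[1:]):
        delta = cur["avg"] - prev["avg"]
        if delta > worst_delta:
            worst_ttl, worst_delta = cur["ttl"], round(delta, 2)
    return worst_ttl, worst_delta


def report(text):
    """Parse a tracert listing and return the per-hop table, the silent hops and the largest jump together."""
    rows = hop_stats(parse_trace(text))
    return {"hops": rows, "silent": silent_hops(rows), "jump": largest_latency_jump(rows)}
```

On the constructed listing hop 2 is silent and the biggest jump (about 36 ms) sits at hop 5, the kind of boundary the Synopsis tab attributes to a change of network owner.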
Length of packet: This option allows you to set the length of the packet for a trace. The minimum size of a packet, as a general rule, is approximately 64 bytes, depending on the protocol used. The maximum size of a packet depends on the physical network but is generally 1500 bytes for a regular Ethernet network or 9000 bytes using Gigabit Ethernet networking with jumbo frames.

Figure 6.12: A Path Analyzer Pro Target option (Synopsis tab: Forward DNS (A records) 74.125.236.176; Reverse DNS (PTR record) www.l.google.com; Alternate Name www.google.com; REGISTRIES: the organization name on file at the registrar for this IP is Google Inc. and the organization associated with the originating autonomous system is Google Inc.; INTERCEPT: the best point of lawful intercept is within the facilities of Google Inc.)

TASK 3: View Charts
16. Click the Charts tab to view the results of your trace.

Path Analyzer Pro uses Smart as the default Length of packet. When the Smart option is checked, the software automatically selects the minimum size of packets based on the protocol selected under Standard Options.

Figure 6.13: The Path Analyzer Pro Chart Window

TASK 4: View Imaginary Map
17. Click Geo, which displays an imaginary world map format of your trace.

Figure 6.14: The Path Analyzer Pro chart window

TASK 5: Vital Statistics
18. Now, click the Stats tab, which features the Vital Statistics of your current trace.

Maximum TTL: The maximum Time to Live (TTL) is the maximum number of hops to probe in an attempt to reach the target. The default number of hops is set to 30. The Maximum TTL that can be used is 255.

Figure 6.15: The Path Analyzer Pro Statistics window (one row per trace run: Source 10.0.0.2 (eth0: WIN-MSSELCK4K41), Target 74.125.236.176, Protocol ICMP, Distance 10 hops, Avg Latency, Trace Began and Trace Ended timestamps on 30 Jul 2012, Filters 2)

19. Now export the report by clicking Export on the toolbar.
Figure 6.16: The Path Analyzer Pro Save Report As window (File menu: New, Close, Page Setup, Print, Preferences, Export, Export KML, Check for Updates, Help)

20. By default, the report will be saved at D:\Program Files (x86)\Path Analyzer Pro 2.7. However, you may change it to your preferred location.

The Initial Sequence Number is set as a counting mechanism within the packet between the source and the target. It is set to Random as the default, but you can choose another starting number by ...

... from WIN-MSSELCK4K41 ([202.53.11.130]) ...; Wed, 25 Jul 2012 21:14:42 (PDT)
Message-ID: ...
Date: Wed, ...
From: Microsoft Outlook <rinimatthews@gmail.com>

Figure 7.4: The eMailTrackerPro by Visualware Window

TASK 2: Finding Email Header
Note: In Outlook, find the email header by following these steps:
- Double-click the email to open it in a new window.
- Click the small arrow box in the lower-right corner of the Tags toolbar to open the Message Options information box.
- Under Internet headers, you will find the Email header, as displayed in the screenshot.
The abuse report option from the My Trace Reports window automatically launches a browser window with the abuse report included.

Figure 7.5: Finding Email Header in Outlook 2010

8. Clicking the Trace button will direct you to the Trace report window.
9. The email location is traced on a GUI world map. The location and IP addresses may vary. You can also view the summary by selecting the Email Summary section on the right side of the window.
10. The Table section right below the Map shows every hop in the route with the IP address and suspected location for each hop.
11. The IP address might be different than the one shown in the screenshot.

Trace result window (eMailTrackerPro v9.0h Advanced Edition, trial day 8 of 15): the trace is complete and the information found is displayed on the right; Misdirected: no; Abuse Reporting: to automatically generate an email abuse report click here; From IP: 209.85.216.199; System Information: there is no SMTP, HTTP, HTTPS or FTP server running on this system (the ports are closed).

Each email message includes an Internet header with valuable information. eMailTrackerPro analyzes the message header and reports the IP address of the computer where the message originated, its estimated location, the individual or organization the IP address is registered to, the network provider, and additional information as available. Bear in mind that the origin is read from the Received: lines, which every mail server in the path prepends to the message; a Received: line below the one added by a server you trust could have been written by the sender, so the reported origin is evidence to be corroborated, not proof.
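What eMailTrackerPro does in steps 8 to 11 starts with the Received: chain in the header you pasted. The following Python, added here as an example and not part of the lab manual or of eMailTrackerPro, walks that chain on a constructed message (modelled on the header shown in Figure 7.4, with RFC 5737 documentation addresses and invented host names, not a captured email): it lists the hops in delivery order, picks the originating IP the way the tool's "From IP" field does (the first public address, skipping the RFC 1918 and loopback literals that internal relays leave behind), and flags hops where the receiving server recorded no reverse-DNS name, or a name that differs from what the sending host claimed, which is where the chain stops being verifiable.

```python
import email
import ipaddress
import re

# Constructed raw message modelled on the header in Figure 7.4. Addresses are RFC 5737 documentation
# ranges and the host names are invented; this is not a captured email.
SAMPLE_MESSAGE = """\
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.25])
        by mx.recipient.example with ESMTPS id abc123
        for <victim@recipient.example>; Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
Received: from WIN-MSSELCK4K41 ([198.51.100.130])
        by mail-relay.example.net with ESMTPSA id def456;
        Wed, 25 Jul 2012 21:14:41 -0700 (PDT)
Received: from [10.0.0.2] (localhost [127.0.0.1])
        by WIN-MSSELCK4K41 with MAPI; Wed, 25 Jul 2012 21:14:40 -0700 (PDT)
Message-ID: <20120725211442.1234@example.net>
Date: Wed, 25 Jul 2012 21:14:42 -0700
From: Microsoft Outlook <sender@example.net>
To: victim@recipient.example
Subject: Getting started

body
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# "from <name the client announced> (<what the receiving MTA saw: rDNS name and/or [IP]>)"
FROM_RE = re.compile(r"^from\s+(\S+)\s*(?:\(([^)]*)\))?", re.IGNORECASE)

# Literals that can only be internal artefacts (RFC 1918, loopback, link-local), never the Internet origin.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def _valid(ip):
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def received_hops(raw):
    """Received: headers in delivery order (oldest first). Each MTA prepends its own line, so the
    message lists them newest-first and they are reversed here."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        m = FROM_RE.match(text)
        hops.append({
            "header": text,
            "ips": [ip for ip in IP_RE.findall(text) if _valid(ip)],
            "claimed": m.group(1) if m else None,           # HELO/EHLO name the client announced
            "observed": (m.group(2) or "") if m else "",    # what the receiving MTA recorded
        })
    return hops


def originating_ip(hops):
    """First non-internal address walking from the oldest hop: the sender's Internet-facing address as
    recorded by the first server that accepted the message. Only lines written by servers you trust are
    evidence; a sender can forge every Received: line below the one added by a trusted relay."""
    for hop in hops:
        for ip in hop["ips"]:
            if not is_internal(ip):
                return ip
    return None


def unverified_hops(hops):
    """Claimed names of hops where a public address connected but the receiving MTA recorded no reverse
    DNS name, or a name different from the one claimed: that hop's identity rests on its own word."""
    flagged = []
    for hop in hops:
        if not hop["claimed"] or not any(not is_internal(ip) for ip in hop["ips"]):
            continue
        rdns = hop["observed"].split("[")[0].strip().rstrip(".").lower()
        if rdns != hop["claimed"].lower():
            flagged.append(hop["claimed"])
    return flagged
```

On the constructed message the origin is 198.51.100.130, handed over by a host calling itself WIN-MSSELCK4K41 with no reverse DNS, while the relay above it is verified by its own rDNS; that is the hop a trace report should treat as the edge of what is known.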
Figure 7.6: eMailTrackerPro Email Trace Report (Date: Wed, 25 Jul 2012 06:36:30 -0700 (PDT); Subject: Getting started on Google+; Location: [America]; hop table with the IP address and suspected location of each hop; Network Whois, Domain Whois and Email Header tabs)

TASK 3: Trace Reports
12. You can view the complete trace report on the My Trace Reports tab.

... Firebug adds several configuration options to Firefox. Some of these options can be changed through the UI, others can be manipulated only via about:config.

Figure 8.5: Windows Server 2012 Apps (the screenshot shows the Firefox Add-ons page for Firebug 1.10.1 by Joe Hewitt, Jan Odvarko, robcee and FirebugWorkingGroup: "Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page")
Note: Firebug adds several configuration options to Firefox. Some of these options can be changed through the UI; others can be manipulated only via about:config.

FIGURE 8.5: Windows Server 2012 Apps (the Firefox Add-ons page listing Firebug 1.10.1 by Joe Hewitt, Jan Odvarko, robcee and the Firebug Working Group)

6. Click the Install Now button in the Software Installation window. Firefox warns that you should install add-ons only from authors whom you trust, because malicious software can damage your computer or violate your privacy; the item offered here is Firebug (Author not verified) from addons.mozilla.org.

Note: Tab Min Width describes the minimal width in pixels of the Panel tabs inside the Panel Bar when there is not enough horizontal space.

FIGURE 8.6: Windows Server 2012 Apps (Firefox Software Installation dialog)

7. Once the Firebug Add-on is installed, it appears as a grey colored bug on the Navigation Toolbar, as highlighted in the following screenshot.

Note: show First Run Page specifies whether to show the first run page.

FIGURE 8.7: Windows Server 2012 Apps (Firebug icon on the Firefox Navigation Toolbar)

8. Click the Firebug icon to view the Firebug pane.

9. Click the Enable link to view the detailed information for the Console panel. Do the same for the Script, Net, and Cookies panels.

Note: The Console panel offers a JavaScript command line, lists all kinds of messages, and offers a profiler for JavaScript commands.

10. Enabling the Console panel displays all the requests made by the page. The one highlighted in the screenshot is the Headers tab.

11. In this lab, we have used http://www.microsoft.com for the demonstration.

Note: The CSS panel manipulates CSS rules. It offers options for adding, editing and removing CSS styles of the different files of a page containing CSS. It also offers an editing mode in which you can edit the content of the CSS files directly via a textarea.

12. The Headers tab displays the Response Headers and Request Headers exchanged with the website. For footprinting, the response headers are the interesting part: headers such as Server and X-Powered-By reveal the web server software and application framework in use. Keep in mind that administrators can strip or falsify these headers, so confirm what they suggest with other evidence.

FIGURE 8.9: Windows Server 2012 Apps (Firebug Console panel showing the Headers tab for www.microsoft.com)

13. Similarly, the rest of the tabs in the Console panel, such as Params, Response, HTML, and Cookies, hold important information about the website.

Note: The HTML panel displays the generated HTML/XML of the currently opened page. It differs from the normal source code view because it also displays all manipulations on the DOM tree. On the right side it shows the CSS styles defined for the currently selected element, and more.
14. The HTML panel displays information such as source code, internal URLs of the website, etc.
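Step 12 is where the footprinting value of Firebug lies: the response headers tell you what software answers on the other end. As an added example (not code from the lab manual or from Firebug), the script below parses a raw HTTP response and lists the disclosure headers, the missing hardening headers and the cookie flags a tester would note. The response is constructed to look like an IIS/ASP.NET reply; its values are made up and stand in for whatever the Headers tab shows you.

```python
"""Review the Response Headers that Firebug's Headers tab shows.

Added example; not code from the lab manual or from Firebug. The response
below is constructed to look like an IIS/ASP.NET server's reply; the header
values are made up and stand in for whatever the Headers tab shows you.
"""

# Headers that disclose the server software or framework (footprinting value).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version")
# Hardening headers whose absence is worth noting in the report.
HARDENING_HEADERS = ("strict-transport-security", "x-content-type-options",
                     "x-frame-options", "content-security-policy")

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: private\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/\r\n"
    "Date: Wed, 25 Jul 2012 13:36:30 GMT\r\n"
    "\r\n"
    "<html><body>Welcome</body></html>"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, headers, body).

    Header names are lower-cased; values are kept in a list because a header
    such as Set-Cookie may legitimately appear more than once.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def review_headers(headers):
    """Return (kind, name, detail) findings a footprinting report would list."""
    findings = []
    for name in DISCLOSURE_HEADERS:
        for value in headers.get(name, []):
            findings.append(("disclosure", name, value))
    for name in HARDENING_HEADERS:
        if name not in headers:
            findings.append(("missing", name, ""))
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0]
        # attributes after the first ';' (HttpOnly and Secure carry no value)
        attrs = {part.strip().lower() for part in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(("cookie", cookie_name, "missing HttpOnly"))
        if "secure" not in attrs:
            findings.append(("cookie", cookie_name, "missing Secure"))
    return findings


if __name__ == "__main__":
    status, hdrs, _ = parse_response(SAMPLE_RESPONSE)
    print(status)
    for kind, name, detail in review_headers(hdrs):
        print(f"{kind:10} {name}: {detail}")
```

The disclosure findings are the ones that feed the footprinting report (server product and version, framework version); the missing hardening headers and cookie flags are the kind of observation that turns a reconnaissance note into a finding for the client. As with step 12, a Server header can be rewritten by the administrator, so treat it as a hint to confirm, not as a fact.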
FIGURE 9.5: HTTrack Website Copier: select a project name to organize your download

Note: Downloading a site can overload it if you have a fast pipe, or if you capture too many simultaneous CGI (dynamically generated) pages.

6. Clicking the Set options button launches the WinHTTrack options window.

7. Click the Scan Rules tab, select the check boxes for the file types as shown in the following screenshot, and click OK. The options window has MIME types, Proxy, Browser ID, Scan Rules, Limits, Log/Index/Cache, Flow Control, Links, Experts Only, Build and Spider tabs. The Scan Rules help text reads: use wildcards to exclude or include URLs or links; you can put several scan strings on the same line, separated by spaces; example: +*.zip -www.*.com -www.*.edu/cgi-bin/*.cgi. Tip: to have ALL GIF files included, use something like +www.someweb.com/*.gif (+*.gif / -*.gif will include/exclude ALL GIFs from ALL sites).

Note: Filenames with original structure kept or split mode (one HTML folder and one image folder), DOS 8.3 filenames option and user-defined structure.

FIGURE 9.6: HTTrack Website Copier: Scan Rules tab

Note: HTML parsing and tag analysis, including JavaScript code and embedded HTML code.

8. Then, click Next.

FIGURE 9.7: HTTrack Website Copier: the project window with Download web site(s) selected and certifiedhacker.com entered in the Web Addresses (URL) box

9. Please adjust connection parameters if necessary, then press FINISH to launch the mirroring operation. By default, the radio button will be selected for ...

Note: Proxy support to maximize speed, with optional authentication.

10. Click Finish to start mirroring the website.
Note: The tool has an integrated DNS cache and native HTTPS and IPv6 support.

FIGURE 9.8: HTTrack Website Copier: type or drag and drop one or several Web addresses (the Remote connect page offers Connect to this provider, Do not use remote access connection, Disconnect when finished, Shutdown PC when finished, Transfer scheduled for (hh/mm), and Save settings only, do not launch download now)

Note: HTTrack can also update an existing mirrored site and resume interrupted downloads. HTTrack is fully configurable by options and by filters.

11. Site mirroring progress is displayed as in the following screenshot.
Note: Filter by file type, link location, structure depth, file size, site size, accepted or refused sites or filename (with advanced wildcards).

FIGURE 9.9: HTTrack Website Copier displaying site mirroring progress (Bytes saved, Time, Transfer rate, Active connections, Links scanned, Files written, Files updated, and an Actions list showing which pages of www.certifiedhacker.com are being scanned or skipped)

12. WinHTTrack shows the message Mirroring operation complete once the site mirroring is completed. Click Browse Mirrored Website.

Note: Optional log file with error log and comments log.

FIGURE 9.10: HTTrack Website Copier displaying site mirroring finished

13. Clicking the Browse Mirrored Website button launches the mirrored website for www.certifiedhacker.com.
The URL indicates that the site is now being served from the local machine.

Note: If the web page does not open for some reason, navigate to the directory where you have mirrored the website and open index.html with any web browser.

Note: Use bandwidth limits, connection limits, size limits and time limits.

FIGURE 10.10: Web Data Extractor: Extracted Phone details window (each row lists the phone number, the source page on certifiedhacker.com such as the Online Booking search pages, and the tag the number was found in)

12. Similarly, check the information under the Faxes, Merged list, Urls (638) and Inactive sites tabs.

13. To save the session, go to File and click Save session.

Note: Web Data Extractor saves extracted file links directly to a disk file, so there is no limit on the number of links extracted per session.
It supports operation through a proxy server and works very fast, as it is able to load several pages simultaneously, and requires very few resources.

FIGURE 10.11: Web Data Extractor: File menu (New session, Open session, Save session, Delete session, Delete All sessions, Start session, Stop session, Stop queueing sites); the result tabs show Meta tags (64), Emails (6), Phones (29), Faxes (27), Merged list, Urls (638) and Inactive sites, with 74 URLs processed and 626.09 Kb of traffic received

14. Specify the session name in the Save session dialog box and click OK.

FIGURE 10.12: Web Data Extractor: Save session dialog

15. By default, the session is saved at D:\Users\admin\Documents\WebExtractor\Data.

Lab Analysis

Document all the Meta Tags, Emails, and Phone/Fax numbers collected.

Tool/Utility: Web Data Extractor
Information Collected/Objectives Achieved:
- Meta tags information: URL, Title, Keywords, Description, Host, Domain, Page size, etc.
- Email information: Email address, Name, URL, Title, Host, Keyword density, etc.
- Phone information: Phone numbers, Source, Tag, etc.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. What does Web Data Extractor do?
2. How would you resume an interrupted session in Web Data Extractor?
3. Can you collect all the contact details of an organization?

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs
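The two previous labs are two halves of one job: HTTrack's Scan Rules (step 7 of the HTTrack lab) decide which URLs a mirror follows, and Web Data Extractor then harvests meta tags, e-mail addresses and phone numbers from the mirrored pages. As an added example serving both passages (not code from HTTrack, Web Data Extractor or the lab manual), the script below crawls a constructed in-memory site with HTTrack-style include/exclude rules and extracts the same kinds of data from each page it keeps. The site content, the URLs and the contact details are all made up; a real crawl would fetch each URL instead of looking it up in SITE, and the last-rule-wins precedence is this example's assumption, to be checked against HTTrack's own documentation before relying on it.

```python
"""Mirror-style crawl with HTTrack-like scan rules, then contact extraction.

Added example covering two steps of this module: the Scan Rules filters
from the HTTrack lab (step 7) and the meta-tag/e-mail/phone harvesting the
Web Data Extractor lab performs. It is not code from either tool. The site
below is an in-memory stand-in (constructed pages, not certifiedhacker.com);
a real crawl would fetch each URL instead of looking it up in SITE.
"""
import fnmatch
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SITE = {
    "http://www.example.com/index.html": """<html><head><title>Example Corp</title>
<meta name="description" content="Example Corp corporate site">
<meta name="keywords" content="example, corp, hosting"></head>
<body><a href="contact.html">Contact</a>
<a href="/files/brochure.zip">Brochure</a>
<a href="http://cdn.example.net/logo.gif">Logo</a>
<a href="cgi-bin/search.cgi?q=x">Search</a></body></html>""",
    "http://www.example.com/contact.html": """<html><head><title>Contact us</title></head>
<body>Email <a href="mailto:sales@example.com">sales@example.com</a> or
support@example.com. Call +1 (555) 010-0199 or fax 555-010-0200.
<a href="index.html">Home</a></body></html>""",
    "http://www.example.com/files/brochure.zip": "PK...",
    "http://cdn.example.net/logo.gif": "GIF89a...",
    "http://www.example.com/cgi-bin/search.cgi?q=x": "<html>results</html>",
}


def url_allowed(url, rules, default=True):
    """Apply HTTrack-style scan rules: '+pattern' includes, '-pattern' excludes.

    Patterns use the same wildcards as the Scan Rules tab and are written
    without the scheme (e.g. "+*.gif -www.*.com/*.zip"). Assumption: rules
    are applied in order and the last matching rule wins; check HTTrack's
    own documentation before relying on the exact precedence.
    """
    target = url.split("://", 1)[-1]
    verdict = default
    for rule in rules.split():
        sign, pattern = rule[0], rule[1:]
        if fnmatch.fnmatchcase(target, pattern):
            verdict = sign == "+"
    return verdict


class PageParser(HTMLParser):
    """Collect links, <meta name=...> tags, the title and the visible text."""

    def __init__(self):
        super().__init__()
        self.links, self.meta, self.text = [], {}, []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.meta["title"] = data.strip()
        self.text.append(data)


EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"(?:\+\d{1,2}\s*)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def extract(html):
    """Meta tags, links, e-mail addresses and phone numbers from one page."""
    parser = PageParser()
    parser.feed(html)
    text = " ".join(parser.text)
    haystack = text + " " + " ".join(parser.links)   # mailto: links count too
    return {
        "meta": parser.meta,
        "links": parser.links,
        "emails": sorted(set(EMAIL_RE.findall(haystack))),
        "phones": sorted(set(m.strip() for m in PHONE_RE.findall(text))),
    }


def crawl(start, rules, site=SITE):
    """Breadth-first crawl that stays on the start host unless a rule says otherwise."""
    start_host = urlparse(start).netloc
    queue, seen, results = [start], set(), {}
    while queue:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        same_host = urlparse(url).netloc == start_host
        if not url_allowed(url, rules, default=same_host) or url not in site:
            continue                       # filtered out, or would be a 404
        results[url] = extract(site[url])
        for href in results[url]["links"]:
            if not href.startswith("mailto:"):
                queue.append(urljoin(url, href))
    return results


if __name__ == "__main__":
    rules = "+*.gif -www.*.com/*.zip -*/cgi-bin/*"
    for url, info in crawl("http://www.example.com/index.html", rules).items():
        print(url, info["meta"].get("title"), info["emails"], info["phones"])
```

With the rules shown, the crawl keeps the two HTML pages plus the off-site GIF (pulled in by +*.gif) and skips the ZIP and the CGI search page, which is the same effect the Scan Rules tab has on a real mirror; the contact page yields two addresses and two numbers, the rows Web Data Extractor's Emails and Phones tabs would hold. The phone pattern is deliberately loose (it matches North American formats only), so expect to tune it per target.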
Identifying Vulnerabilities and Information Disclosures in Search Engines using SearchDiggity

SearchDiggity is the primary attack tool of the Google Hacking Diggity Project. It is an MS Windows GUI application that serves as a front-end to the latest versions of the Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.

Lab Scenario

An easy way to find vulnerabilities in websites and applications is to Google them, which is a simple method adopted by attackers. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. As an expert ethical hacker, you should use the same method to identify all the vulnerabilities and patch them before an attacker identifies and exploits them.

Lab Objectives

The objective of this lab is to demonstrate how to identify vulnerabilities and information disclosures in search engines using SearchDiggity. Students will learn how to:
- Add a target domain and run Google hacking queries (dorks) against it with SearchDiggity
- Review the results for information disclosures such as exposed files and pages

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

To carry out the lab, you need:
- SearchDiggity, located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Google Hacking Tools\SearchDiggity
- You can also download the latest version of SearchDiggity from http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools
- If you decide to download the latest version, the screenshots shown in the lab might differ
- This lab will work in the CEH lab environment, on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration

Time: 10 Minutes

Overview of SearchDiggity

Google Diggity is the primary Google hacking tool, utilizing the Google JSON/ATOM Custom Search API to identify vulnerabilities and information disclosures via Google searching. SearchDiggity has a predefined query database that is run against the website to scan for the related queries.

Lab Tasks

TASK 1: Launch SearchDiggity

1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop.

FIGURE 11.1: Windows Server 2012 Desktop view

2. In the Start menu, click the Search Diggity tile to launch SearchDiggity.

FIGURE 11.2: Windows Server 2012 Start menu

3. The SearchDiggity main window appears with Google Diggity as the default.
Note: Queries: select the Google dorks (search queries) you wish to use in the scan by checking the appropriate boxes.

FIGURE 11.3: SearchDiggity main window (engine tabs for Google, Bing, CodeSearch, Shodan, BingLinkFromDomain, DLP, Flash, Malware, PortScan, NotInMyBackyard and BingMalware; a Sites/Domains/IP Ranges selector, a Google Custom Search ID field, and a query tree with categories such as FSDB, GHDB, GHDBReborn, SharePoint Diggity, SLDB, SLDBNEW, DLPDiggity Initial, Flash Non-SWF Searches and FlashDiggity Initial; the status bar reads Google Status: Ready, Download Progress: Idle)

4. Select Sites/Domains/IP Ranges and type the domain name in the Domain field. Click Add.

Note: Download button: select (highlight) one or more results in the results pane, then click this button to download the search result files locally to your computer. By default, it downloads to D:\DiggityDownloads.

FIGURE 11.4: SearchDiggity: selecting Sites/Domains/IP Ranges
exanfie.ccrn 1 8 192.100.1 2.1 msm ----------------Pro|B *bmicrosoft.com [Remove]9 Ide arQueriesHidefr 1!! F5PB Subcategoryfr E: CHD6Search StringPage TitleURLfr C GHDeReborr fr (v sfiarcPon: oqgkv fr (lJ S1DB fr SI06NEW fr IT OtPDlQqltY Iftlldl fr C Rash HanSMlF SearchesSoloctod Result- (T RashDig^Ty inrtial1fr C SVVF Fk dng Generic fr SVVF Targeted 5eorchesj* Google Status: RedDotviihjad Progress: tzk! C? n Fo.drF IG U R E 11.5: Search D ig g ity D o m ain added6.aa t a s k2Run Query against a websiteNow , select a Query Irom left pane you wish to run against the website that you have added 111 the list and click ScanNote: 1 1 this lab, we have selected the query SWF Finding Generic. Similarly, 1 you can select other queries to run against the added website "5Seaich Diogity oodons CodeScarfr xHdO BingLirkfrornDomamDLP,1 'FlashMalwarePortScanHotiftMyflxIcyardSettings1. CanedOownloac]ProxiesSingMalwnreShodan< .Q 1 fcfll1 12 6.192.100.1 11microsort.com [Kcmove]lEOal1ClearHide F D 6 Category GHD6Subcategorysearch stringps ge TitleURLO GHDBRebom SharePoinl t>ggiy SLOB O SLDBNEW DIPDigjjty T rtio n lmW h e n scann in g isSelected Result Fiasf nodswf sarchs [ FiasjiDtggjty Initial_____kicke d o ff, th e selected117 SWF Prdr>g Gencric]q u e ry is ru n ag ainst thefr n SWF Targeted Searchesco m p lete w eb site. boogie status: ReacJyDownload Progress: :deholJt'F IG U R E 11.6: Search D ig g ity Selecting query and ScanningC E H Lab Manual Page 8 1Ethical Hacking and Countermeasures Copyright by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. 82. 
7. The following screenshot shows the scanning process.

Note: Results pane: as the scan runs, the results found begin populating in this pane.

The screenshot shows the results pane with the columns Category, Subcategory, Search String, Page Title and URL; the rows are FlashDiggity Initial / SWF Finding Generic / ext:swf site:microsoft.com, one with Page Title "Start the Tour" at http://www.microsoft.com/europe/home.swf and another pointing at a MapPoint Flash file under a mappoint/flash/ path on www.microsoft.com.
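The Import button note and the results pane above describe what SearchDiggity does with each query: it appends site:<domain> to every dork in the query database, sends it through the Google Custom Search API and lists the hits by category, subcategory, search string, page title and URL. As an added example (not code from SearchDiggity or the Diggity project), the script below builds the queries the same way, maps a constructed API reply onto result rows, and adds a scope check a tester should run on every hit, since site: is only a hint to the search engine and a look-alike host can slip into the results. The query database and the reply are constructed; only the Custom Search API parameter names (q, cx, key, start) and the items[].title / items[].link fields are taken from that API's documentation.

```python
"""Build and check Google-hacking queries the way SearchDiggity runs them.

Added example; not code from SearchDiggity or the Diggity project. The query
database and the API reply below are constructed. Only the Custom Search API
parameter names (q, cx, key, start) and the items[].title / items[].link
fields are taken from that API's documentation.
"""
import json
from urllib.parse import urlencode, urlparse

# Constructed subset of a query database: (category, subcategory, dork).
QUERY_DB = [
    ("FlashDiggity Initial", "SWF Finding Generic", "ext:swf"),
    ("GHDB", "Files containing passwords", "ext:sql intext:password"),
]
TARGETS = ["microsoft.com", "example.com"]

# Constructed stand-in for one Custom Search JSON API reply; the second hit is
# a look-alike host that a site: search would not return but a tester must
# still guard against when results come from several sources.
SAMPLE_REPLY = json.dumps({"items": [
    {"title": "Start the Tour",
     "link": "http://www.microsoft.com/europe/home.swf"},
    {"title": "Tour mirror",
     "link": "http://microsoft.com.mirror.example.net/home.swf"},
]})


def build_queries(query_db, targets):
    """One query per dork per target, with site:<target> appended."""
    return [(cat, sub, f"{dork} site:{target}")
            for cat, sub, dork in query_db for target in targets]


def search_params(query, cx, key, start=1):
    """Query string for the Custom Search JSON API endpoint (cx = search engine id)."""
    return urlencode({"q": query, "cx": cx, "key": key, "start": start})


def in_scope(link, target):
    """site: is only a search hint; confirm the hit's host really belongs to the target."""
    host = urlparse(link).netloc.lower()
    return host == target or host.endswith("." + target)


def parse_results(cat, sub, query, target, reply_json):
    """Rows as in the results pane (category, subcategory, search string,
    page title, URL), keeping only hits whose host is within the target."""
    items = json.loads(reply_json).get("items", [])
    return [(cat, sub, query, item.get("title", ""), item["link"])
            for item in items if in_scope(item["link"], target)]


if __name__ == "__main__":
    for cat, sub, query in build_queries(QUERY_DB, TARGETS):
        print(query, "->", search_params(query, cx="YOUR_CSE_ID", key="YOUR_API_KEY"))
    for row in parse_results("FlashDiggity Initial", "SWF Finding Generic",
                             "ext:swf site:microsoft.com", "microsoft.com",
                             SAMPLE_REPLY):
        print(row)
```

The scope check is the part worth keeping: without it a report may list a host that merely contains the target's name, and a tester who then downloads or probes it has stepped outside the engagement.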