Fundamentals of Ethical Hacking. Footprinting is understood as information gathering and very first step in any cyber-attack on information systems. It is somewhat crucial for the attackers streamline a scope of his work and help him select the tools being used.
There is a famous Chinese general Sun Tzu saying about planning, attacking and winning several battles as “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Why is footprinting important? A few reasons are outlined as below.
- Understand Security Posture
- Minimize Focus Area
- Identify Vulnerabilities
- Draw Network Diagram
The primary objectives of footprinting include gathering information about the target’s network and system, even the organization information.
The quickest reconnaissance is using a search engine to extract information about the target such as types of system, login pages, and employee details.
This method is known as passive footprinting in which an attacker never makes contact with the target system.
Discovery of target’s IP address
We are here to find out the IP address of the target system by means of using the PING utility. Let us pretend the hackwarenews.com as a target.
From the above experiment, the target domain’s IP address is 18.104.22.168. We also get other information on Ping Statistics, such as packets sent, packets received and approximate round-trip time.
Location of web server
We could also find out where the web server has been hosted. In order to do that, it does require to key in the target domain name in https://www.site24x7.com/find-website-location.html and https://check-host.net/ as shown below.
In order to get better and reliable information, we have to gather data from several sources. Based on the findings above, we will know that the target web’s server has been hosted in Munich, Germany.
Revealing of name server and mail address
There are numerous ways of finding the primary name server and responsible mail address as below.
Our target system would work with the primary name server called ns1.contabo.net and the mail system being hosted contabo.de
The above information is essential for an attacker. Last but not least, there are various tools and technologies to get and hack the whole system.