Footprinting and Reconnaissance
Module 02
Lab Scenario
Penetration testing is much more than just running exploits against vulnerable systems like we learned about in the previous module. In fact, a penetration test begins before penetration testers have even made contact with the victim's systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since … in … system, or at the very least make the victim un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the victim network with no preparation.
Lab Objectives
The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance
Lab Environment
This lab requires:
Lab Duration
Time: 50 Minutes
Overview of Footprinting
Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy.
After pre-engagement activities, penetration testers begin gathering information about their targets. Often all the information learned from a client is the list of IP addresses and/or web domains that are in scope. Penetration testers then learn as much about the client and their systems as possible, from searching for employees on social networking sites to scanning the perimeter for live systems and open ports. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. This is similar to what an attacker would do or what an invading army would do when trying to breach the perimeter. Then penetration testers move into vulnerability analysis, the first phase where they are actively engaging the target. Some might say some port scanning does complete connections. However, as cybercrime rates rise, large companies, government organizations, and other popular sites are scanned quite frequently. During vulnerability analysis, a penetration tester begins actively probing the victim systems for vulnerabilities and additional information. Only once a penetration tester has a full view of the target does exploitation begin. This is where all of the information that has been meticulously gathered comes into play, allowing you to be nearly 100% sure that an exploit will succeed.
Once a system has been successfully compromised, the penetration test is over, right? Actually, that's not right at all. Post exploitation is arguably the most important part of a penetration test. Once you have breached the perimeter there is a whole new set of information to gather. You may have access to additional systems that are not available from the perimeter. The penetration test would be useless to a client without reporting. You should take good notes during the other phases, because during reporting you have to tie everything you found together in a way everyone from the IT department who will be remediating the vulnerabilities to the business executives who will be approving the budget can understand.
Lab Tasks
TASK 1: Overview
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure through public and free information.
Lab
… utility used to test the reachability of a
ICON KEY
Valuable information
Test your knowledge
Web exercise
Workbook review
Lab Scenario
As a professional penetration tester, you will need to check for the reachability of a computer in a network. Ping is one of the utilities that will allow you to gather important information like IP address, maximum Packet Frame size, etc. about the network computer to aid in a successful penetration test.
Lab Objectives
This lab provides insight into the ping command and shows how to gather information using the ping command. The lab teaches how to:
Use ping
Identify ICMP type and code for echo request and echo reply packets
Lab Environment
To carry out this lab you need:
Lab Duration
Time: 10 Minutes
Overview of Ping
Packet Internet Groper.
The ping command sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP response. During this request-response process, ping measures the time from transmission to reception, known as
Lab Tasks
1.
2.
Locate IP Address
3.
Administrator: C:\Windows\system32\cmd.exe
C:\>ping www.certifiedhacker.com
C:\>
FIGURE 1.3: The ping command to extract the IP address for www.certifiedhacker.com
6.
Frame Size
Administrator: C:\Windows\system32\cmd.exe
C:\>ping www.certifiedhacker.com -f -l 1500
Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 202.75.54.101:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>
9.
… -l 1500 options
… -l 1300 options
11. You can see that the maximum packet size is less than 1500 bytes and more than 1300 bytes
In the ping command, …
12. Now, try different values until you find the maximum frame size. For instance, ping www.certifiedhacker.com -f -l 1473 replies with Packet needs to be fragmented but DF set and ping www.certifiedhacker.com -f -l 1472 replies with a successful ping. It indicates that 1472 bytes is the maximum frame size on this machine network
Note: The maximum frame size will differ depending upon the network
Administrator: C:\Windows\system32\cmd.exe
Pinging www.certifiedhacker.com [202.75.54.101] with 1473 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 202.75.54.101:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The router discards packets when TTL reaches 0 (zero) value.
FIGURE 1.6: The ping command for www.certifiedhacker.com with -f -l 1473 options
… -l 1472 options
Administrator: C:\Windows\system32\cmd.exe
C:\>ping www.certifiedhacker.com -i 3
Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
Reply from 183.82.14.17: TTL expired in transit.
Reply from 183.82.14.17: TTL expired in transit.
Reply from 183.82.14.17: TTL expired in transit.
Reply from 183.82.14.17: TTL expired in transit.
Ping statistics for 202.75.54.101:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\>
FIGURE 1.8: The ping command for www.certifiedhacker.com with -i 3 options
Emulate Tracert
17. The results you receive are different from those in this lab. Your results may also be different from those of the person sitting next to you
18.
… -i 1 -n 1 options
Administrator: C:\Windows\system32\cmd.exe
C:\>ping www.certifiedhacker.com -i 2 -n 1
20. In the command prompt, type ping www.certifiedhacker.com -i 3 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure
C:\>ping www.certifiedhacker.com -i 3 -n 1
… -i 3 -n 1 options
Administrator: C:\Windows\system32\cmd.exe
D:\>ping www.certifiedhacker.com -i 4 -n 1
Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
Reply from 121.240.252.1: TTL expired in transit.
Ping statistics for 202.75.54.101:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
… -i 4 -n 1 options
23. Repeat the above step until you reach the IP address for www.certifiedhacker.com (in this case, 202.75.54.101)
Administrator: C:\Windows\system32\cmd.exe
C:\>ping www.certifiedhacker.com -i 10 -n 1
Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
Reply from 120.29.216.21: TTL expired in transit.
Ping statistics for 202.75.54.101:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
C:\>
… -i 10 -n 1 options
Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host.
… -i 15 -n 1 options
25. Now, make a note of all the IP addresses from which you receive the reply during the ping to emulate tracert
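
The trial-and-error in steps 11-12 is a binary search over the -l payload size, and steps 20-25 are a loop over -i values. The following added example (not part of the lab manual) implements both against pluggable probe functions and classifies the ping messages quoted above; the function names, the simulated route and its documentation-range addresses are assumptions made for illustration, and no packets are sent.

```python
import re
from typing import Callable, List, NamedTuple, Optional, Tuple

IPV4_HEADER = 20  # bytes, IPv4 header without options
ICMP_HEADER = 8   # bytes, ICMP echo header

# Windows ping messages quoted in this lab, with the ICMP (type, code) that a
# host or router on the path uses to report each condition.
# The echo request that ping sends is type 8, code 0.
PATTERNS = [
    ("echo-reply", (0, 0), re.compile(r"Reply from (\S+): bytes=\d+")),
    ("ttl-expired", (11, 0), re.compile(r"Reply from (\S+): TTL expired in transit")),
    ("df-blocked", (3, 4), re.compile(r"Packet needs to be fragmented but DF set")),
    ("timeout", None, re.compile(r"Request timed out")),
]


class Outcome(NamedTuple):
    kind: str
    icmp: Optional[Tuple[int, int]]
    responder: Optional[str]


def classify(line: str) -> Optional[Outcome]:
    """Classify one line of ping output; None for banner/statistics lines."""
    for kind, icmp, pattern in PATTERNS:
        match = pattern.search(line)
        if match:
            responder = match.group(1) if pattern.groups else None
            return Outcome(kind, icmp, responder)
    return None


def max_payload(probe: Callable[[int], bool], lo: int = 1300, hi: int = 1500) -> int:
    """Largest payload for which probe(size) succeeds with DF set.

    probe(lo) must succeed and probe(hi) must fail, as in step 11.
    """
    if not probe(lo) or probe(hi):
        raise ValueError("need a passing lower bound and a failing upper bound")
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid      # still fits: search upward
        else:
            hi = mid      # needs fragmentation: search downward
    return lo


def path_mtu(payload: int) -> int:
    """On-the-wire IPv4 packet size for a given ICMP echo payload."""
    return payload + ICMP_HEADER + IPV4_HEADER


def trace_with_ttl(probe_ttl: Callable[[int], str], max_hops: int = 30) -> List[Tuple[int, str]]:
    """Raise the TTL one hop at a time until the destination answers."""
    hops: List[Tuple[int, str]] = []
    for ttl in range(1, max_hops + 1):
        for line in probe_ttl(ttl).splitlines():
            outcome = classify(line)
            if outcome and outcome.kind in ("ttl-expired", "echo-reply"):
                hops.append((ttl, outcome.responder))
                if outcome.kind == "echo-reply":
                    return hops
                break
    return hops


# --- Constructed simulation: stand-ins for running ping, no traffic sent ---
SIM_ROUTE = ["192.0.2.1", "198.51.100.7", "203.0.113.9"]  # constructed hops
SIM_TARGET = "203.0.113.80"                               # constructed target
SIM_MTU = 1500


def sim_probe_size(size: int) -> bool:
    """Stand-in for `ping <host> -f -l <size> -n 1`."""
    if path_mtu(size) > SIM_MTU:
        line = "Packet needs to be fragmented but DF set."
    else:
        line = f"Reply from {SIM_TARGET}: bytes={size} time=20ms TTL=50"
    return classify(line).kind == "echo-reply"


def sim_probe_ttl(ttl: int) -> str:
    """Stand-in for `ping <host> -i <ttl> -n 1`."""
    if ttl <= len(SIM_ROUTE):
        return f"Reply from {SIM_ROUTE[ttl - 1]}: TTL expired in transit."
    return f"Reply from {SIM_TARGET}: bytes=32 time=20ms TTL=50"


if __name__ == "__main__":
    best = max_payload(sim_probe_size)
    print("max payload:", best, "path MTU:", path_mtu(best))
    for ttl, hop in trace_with_ttl(sim_probe_ttl):
        print(ttl, hop)
```

The 1472-byte result from step 12 plus the 8-byte ICMP header and 20-byte IPv4 header gives the 1500-byte packet size that the path carries without fragmentation.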
Lab Analysis
Document all the IP addresses, reply request IP addresses, and their TTLs.
Tool/Utility: Ping
IP Address: 202.75.54.101
Packet Statistics:
    Packets Sent: 4
    Packets Received: 3
    Packets Lost: 1
Maximum Frame Size: 1472
TTL Response: 15 hops
Questions
1. How does tracert (trace route) find the route that the trace packets are (probably) using?
2. Is there any other answer ping could give us (except those few we saw before)?
3. We saw before:
Request timed out
Internet Connection Required: [x] Yes  [ ] No
Platform Supported: [x] Classroom  [ ] iLabs
Lab Scenario
… in which the IP is …
In the next step of reconnaissance, you need to find the DNS records. Suppose in a network there are two domain name system (DNS) servers named A and B, hosting the same Active Directory-Integrated zone. Using the nslookup tool an attacker can obtain the IP address of the domain name, allowing him or her to find the specific IP address of the person he or she is hoping to attack. It is difficult to restrict other users from querying the DNS server with the nslookup command, because this program basically simulates the way other programs do DNS name resolution. Even so, as a penetration tester you should be able to prevent such attacks by going to the zone's properties, on the Zone Transfer tab, and selecting the option not to allow zone transfers. This will prevent an attacker from using the nslookup command to get a list of your zone's records. nslookup can provide you with a wealth of DNS server diagnostic information.
Lab Objectives
The objective of this lab is to help students learn how to use the nslookup command.
This lab will teach you how to:
Find the IP address of a machine
Change the server you want the response from
Elicit an authoritative answer from the DNS server
Find name servers for a domain
Find Cname (Canonical Name) for a domain
Find mail servers for a domain
Identify various DNS resource records
Lab Environment
To carry out the lab, you need:
Administrative privileges to run tools
TCP/IP settings correctly configured and an accessible DNS server
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
… window, and type nslookup for the interactive mode.
Lab Duration
Time: 5 Minutes
Overview of nslookup
nslookup means … operating system's local … operates …
To execute queries, nslookup uses the interactive or non-interactive mode. When used interactively by invoking it without arguments or when the first argument is - (minus sign) and the second argument is host name or IP address, the user issues parameter … no arguments are given, then the command queries to default server. The - (minus sign) invokes subcommands which are specified on command line and should precede nslookup commands. In non-interactive mode, … when first argument is name or internet address of the host being searched, parameters and the query are specified as command line arguments in the invocation of the program. The … non-authoritative answer because, by default, nslookup asks your name server to recurse in order to resolve your query and because your name server is not an authority for the name you are asking it about. You can get an authoritative answer by querying the authoritative name server for the domain you are interested
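
Whether an answer is authoritative is carried in the AA (Authoritative Answer) bit of the DNS response header, and the request to recurse is the RD bit of the query. The following added example (not part of the lab manual) builds a query and decodes those header flags; the function names are assumptions, and the two response headers are constructed for illustration rather than captured from a server.

```python
import struct
from typing import Dict

# Numeric codes of the record types this lab asks about.
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "SRV": 33}


def build_query(name: str, qtype: int = 1, recurse: bool = True, txid: int = 0x1234) -> bytes:
    """Build a DNS query. recurse=False clears RD, like nslookup's `set norecurse`."""
    flags = 0x0100 if recurse else 0x0000            # RD is bit 8
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # class IN = 1


def parse_header(msg: bytes) -> Dict[str, int]:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,     # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,     # answering server is authoritative
        "tc": (flags >> 9) & 1,      # truncated
        "rd": (flags >> 8) & 1,      # recursion desired (copied from query)
        "ra": (flags >> 7) & 1,      # recursion available
        "rcode": flags & 0xF,        # 0 = no error, 3 = name does not exist
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def describe(msg: bytes) -> str:
    """Summarise a message by its header flags alone."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query"
    if h["rcode"] != 0:
        return "error (rcode %d)" % h["rcode"]
    return "authoritative answer" if h["aa"] else "non-authoritative answer"


def with_flags(msg: bytes, flags: int) -> bytes:
    """Return a copy of msg with its 16-bit flags field replaced (test helper)."""
    return msg[:2] + struct.pack("!H", flags) + msg[4:]


if __name__ == "__main__":
    query = build_query("certifiedhacker.com", QTYPES["A"])
    # Constructed headers: a recursive resolver (QR, RD, RA) and an
    # authoritative server (QR, AA, RD).
    from_resolver = with_flags(query, 0x8180)
    from_authority = with_flags(query, 0x8500)
    for label, msg in [("query", query), ("resolver", from_resolver),
                       ("authority", from_authority)]:
        print(label, "->", describe(msg), parse_header(msg))
```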
Lab Tasks
TASK: Extract Information
1. Launch Start menu by hovering the mouse cursor in the lower-left corner of the desktop
FIGURE 2.1: Windows Server 2012 Desktop view
2.
FIGURE 2.2: Windows Server 2012 Apps
The general command syntax is nslookup [-option] [name | -] [server].
3. In the command prompt, type nslookup, and press Enter
4. Now, type help and press Enter. The displayed response should be similar
C:\>nslookup
Default Server:  nsl.beamnet.in
Address:  202.53.8.8
> help
Commands:   (identifiers are shown in uppercase, [] means optional)
NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands
set OPTION      - set an option
    all                 - print options, current server and host
    [no]debug           - print debugging information
    [no]d2              - print exhaustive debugging information
    [no]defname         - append domain name to each query
    [no]recurse         - ask for recursive answer to query
    [no]search          - use domain search list
    [no]vc              - always use a virtual circuit
    domain=NAME         - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
    root=NAME           - set root server to NAME
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X         - same as type
    class=X             - set query class (ex. IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          - list canonical names and aliases
    -d          - list all records
    -t TYPE     - list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
view FILE
exit
>
Typing "help" or "?" at the command prompt generates a list of available commands.
FIGURE 2.3: The nslookup command with help option
5. In the nslookup interactive mode, type …
6. Now, type … displayed …
Note: The … the screenshot
FIGURE 2.4: In nslookup command, set type=a option
Use Elicit Authoritative
7.
8. In nslookup interactive mode, type …
9. Now, type certifiedhacker.com and press Enter
Note: The DNS server address (8.8.8.8) will be different than the one in screenshot
TASK 3: Find Cname
Administrator: C:\Windows\system32\cmd.exe - ns...
C:\>nslookup
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8
> set type=cname
> certifiedhacker.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
        primary name server = ns0.noyearlyfees.com
        responsible mail addr = admin.noyearlyfees.com
        serial  = 35
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
FIGURE 2.5: In nslookup command, set type=cname option
… server 64.147.99.90 (or any other IP address you receive in the previous step) and press Enter.
Administrator: C:\Windows\system32\cmd.exe - ns...
In nslookup command, root option means to set the current default server to the root.
FIGURE 2.6: In nslookup command, set type=a option
14. If you receive a … shown in the previous …
To make querytype of NS a default option for your nslookup commands, place one of the following statements in the user_id.NSLOOKUP.ENV data set: set querytype=ns or querytype=ns.
FIGURE 2.7: In nslookup command, set type=mx option
Lab Analysis
Document all the IP addresses, DNS server names, and other DNS information.
Tool/Utility: nslookup
Information Collected/Objectives Achieved:
DNS Server Name: 202.53.8.8
Non-Authoritative Answer: 202.75.54.101
CNAME (Canonical Name of an alias)
    Alias: certifiedhacker.com
    Canonical name: google-public-dns-a.google.com
Questions
1. Analyze and determine each of the following DNS resource records:
SOA
NS
PTR
CNAME
MX
SRV
2. … answer.
3. Determine when you will receive request time out in nslookup.
Internet Connection Required: [x] Yes  [ ] No
Platform Supported: [x] Classroom  [ ] iLabs
… individual phone numbers.
Lab Scenario
… related to DNS records using … making the server cache the incorrect entries locally and serve them to other users that make the same request. As a penetration tester, you must always be cautious and take preventive measures against attacks targeted at a name server by securely … the amplification record.
To begin a penetration test it is also important to gather information about a … location to … user … In this particular lab, we … AnyWho online tool.
Lab Objectives
The objective of this lab is to demonstrate the footprinting technique to collect confidential information on an organization, such as their key personnel and their contact details, using people search services. Students need to perform people search and phone number lookup using http://www.anywho.com.
Lab Environment
In the lab, you need:
A web browser with an Internet connection
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
Ethical Hacking and Countermeasures Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Lab Duration
Time: 5 Minutes
Overview of AnyWho
AnyWho is a part of the ATTi family of brands, which mostly focuses on local searches for products and services. The site lists information from the White Pages (Find a Person/Reverse Lookup) and the Yellow Pages (Find a Business).
Lab Tasks
1. Launch Start menu by hovering the mouse cursor on the lower-left corner of the desktop
… search for local businesses by name to quickly find their Yellow Pages listings with basic details and maps, … profiles or online reservations.
FIGURE 3.1: Windows Server 2012 Desktop view
2. … or launch any other browser
FIGURE 3.2: Windows Server 2012 Apps
TASK 1: People Search with AnyWho
3. In the browser, type … keyboard
AnyWho is part of the … services.
FIGURE 3.3: AnyWho - Home Page http://www.anywho.com
4. Input the name of the person you want to search for in the Find a Person section and click Find
FIGURE 3.4: AnyWho Name Search
5. AnyWho redirects you to … the name you have entered. The number of results might vary
… (searches by category or … on a regular basis.
FIGURE 3.5: AnyWho People Search Results
6.
FIGURE 3.6: AnyWho - Detail Search Result of Rose A Christian
7. Similarly, perform a reverse search by giving phone number or address in the Reverse Lookup field
The Reverse Phone Lookup service allows … lookup who it is registered to.
FIGURE 3.7: AnyWho Reverse Lookup Page
… options: To have your listing … without obtaining an … unpublished telephone …
FIGURE 3.8: AnyWho - Reverse Lookup Search Result
Lab Analysis
Analyze and document all the results discovered in the lab exercise.
Tool/Utility: AnyWho
Information Collected/Objectives Achieved:
White Pages (Find people by name): Exact location of a person with address and phone number
Get Directions: Precise route to the address found for a person
Reverse Lookup (Find people by phone number): Exact location of a person with complete address
Questions
1.
2.
3.
4. Can you find a person in AnyWho that you know has been at the same location for a year or less? If yes, how?
5.
Internet Connection Required: [x] Yes  [ ] No
Platform Supported: [x] Classroom  [ ] iLabs
… people.
Lab Scenario
For a penetration tester, it is always advisable to collect all possible information about a client before beginning the test. In the previous lab, we learned about … AnyWho … many tools available that can be used to gather information on people, employees, … confidential information of key persons in … organization.
Lab Objectives
The objective of this lab is to demonstrate the footprinting techniques to collect people information using people search services. Students need to perform a people search using http://www.spokeo.com.
Lab Environment
In the lab, you need:
A web browser with an Internet connection
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
Lab Duration
Time: 5 Minutes
Overview of Spokeo
Spokeo aggregates vast quantities of public data and organizes the information into easy-to-follow profiles. Information such as name, email address, phone number, address, and user name can be easily found using this tool.
TASK: People Search Spokeo
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop
FIGURE 4.1: Windows Server 2012 Desktop view
2.
Spokeo's people …
FIGURE 4.2: Windows Server 2012 - Apps
3. Open a web browser, type … the keyboard
FIGURE 4.3: Spokeo home page http://www.spokeo.com
4. To begin the search, input the name of the person you want to search for in
FIGURE 4.4: Spokeo Name Search
5. Spokeo redirects you to search results with the name you have entered
Spokeo's email search …
FIGURE 4.5: Spokeo People Search Results
FIGURE 4.6: Spokeo People Search Results
FIGURE 4.7: Spokeo People Search Results
8. Search results displaying the … and State, etc.
FIGURE 4.8: Spokeo People Search Results
9. Search results displaying the Location History
All results will be displayed once the search is completed
FIGURE 4.9: Spokeo People Search Results
10. Spokeo search results display the
FIGURE 4.10: Spokeo People Search Results
Online maps and street view are used by over 300,000 websites, including most online phone books
11. Spokeo search results display the Neighborhood for the search done
FIGURE 4.11: Spokeo People Search Results
Spokeo's reverse … Search field to find details of a key person or an organization
… system. Spokeo's reverse phone number search aggregates hundreds of millions of phone book …
FIGURE 4.12: Spokeo Reverse Search Result of Microsoft Redmond Office
Lab Analysis
A n a ly z e a n d d o c u m e n t a ll th e re s u lts d is c o v e re d
Tool/Utility
111
d ie la b e x e rcise .
In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d
P r o f ile D e t a ils :
Current Address
Phone Number
E m a il A d d r e s s
M a r it a l S ta tu s
E d u c a t io n
O c c u p a t io n
L o c a t io n H is t o r y : In f o r m a t io n a b o u t w h e r e th e p e rs o n
h a s liv e d a n d d e ta ile d p r o p e r t y in f o r m a t io n
Spokeo
F a m il y B a c k g r o u n d : In f o r m a t io n a b o u t h o u s e h o ld
m e m b e rs t o r th e p e r s o n y o u s e a r c h e d
P h o t o s & S o c ia l P r o f ile s : P h o t o s , v id e o s , a n d s o c ia l
n e t w o r k p r o file s
N e ig h b o r h o o d : In f o r m a t io n a b o u t th e n e ig h b o r h o o d
R e v e r s e L o o k u p : D e t a ile d in f o r m a t io n f o r th e s e a rc h d o n e
u s in g p h o n e n u m b e rs
Questions
1. How do you collect all the contact details of key people using Spokeo?
2.
3. How can you perform a reverse search using Spokeo?
4.
will yield.
Internet Connection Required
[x] Yes
No
Platform Supported
[x] Classroom
iLabs
Lab Scenario
In the previous lab, you learned to determine a person or an organization's location
user by posing as a neighbor, the cable guy, or through any means of social engineering. In this lab, you will learn to use the SmartWhois tool to look up all of the available information about any IP address, hostname, or domain and using
Lab Objectives
The objective of this lab is to help students analyze domain and IP address queries.
This lab helps you to get most available information on a hostname, IP address, and domain.
Lab Environment
In the lab you need:
A computer running any version of Windows with Internet access
Administrator privileges to run SmartWhois
in D:\CEH-Tools\CEHv8 Module 02
downloadable from http://www.tamos.com
If you decide to download the latest version, then screenshots shown in the lab might differ
Lab Duration
Time: 5 Minutes
Overview of SmartWhois
SmartWhois is a network information utility that allows you to look up most available information on
including country, state or province, city, name of the
technical support contact information, and administrator.
SmartWhois helps you to search for information such as:
The owner of the domain
The owner of the IP address block
SmartWhois can be
HTTP/HTTPS proxy servers. Different SOCKS versions are also supported.
Lab Tasks
Note: If you are working in the iLabs environment, directly jump to step number 13
1. Follow the wizard-driven installation steps and install SmartWhois.
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
obtained information to an archive file. Users can load this archive the next time
FIGURE 5.1: Windows Server 2012 Desktop view
3. To launch
in apps
FIGURE 5.2: Windows Server 2012 Apps
TASK 1
Lookup IP
4. The SmartWhois main window appears
FIGURE 5.3: The SmartWhois main window
5. Type an
the field tab. An example of a domain name query is shown as follows, www.google.com.
FIGURE 5.4: A SmartWhois domain search
6. Now, click the Query tab
As Domain to enter domain name in the field.
SmartWhois is
FIGURE 5.5: The SmartWhois Selecting Query type
7. In the left pane of the window, the result displays, and the right pane displays the results of your query.
SmartWhois can process lists of IP addresses, hostnames, or domain names saved as plain text (ASCII) or
format for such batch files
FIGURE 5.6: The SmartWhois Domain query result
8. Click the Clear icon in the toolbar to clear the history.
FIGURE 5.7: A SmartWhois toolbar
9. To perform a sample
type www.facebook.com.
in the field.
FIGURE 5.8: A SmartWhois hostname query
11. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query.
domain registration database, enter a domain name and hit the Enter key while holding the Ctrl key,
If you're saving
FIGURE 5.9: A SmartWhois hostname query result
12. Click the Clear icon in the toolbar to clear the history.
13. To perform a sample IP Address query, type the IP address 10.0.0.3 (Windows 8 IP address) in the
FIGURE 5.10: A SmartWhois IP address query
14. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query.
SmartWhois supports
specifying IP address/hostname/domain, as well as files to be opened/saved.
Query result shown in the screenshot: 10.0.0.0 - 10.255.255.255, PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED, Updated: 2004-02-24, Source: whois.arin.net
FIGURE 5.11: The SmartWhois IP query result
Lab Analysis
Document all the IP addresses/hostnames for the lab for further information.
Tool/Utility: SmartWhois
Information Collected/Objectives Achieved:
Domain name query results: Owner of the website
Host name query results: Geographical location of the hosted website
IP address query results: Owner of the IP address block
Questions
1. Determine whether you can use SmartWhois if you are behind a firewall or a proxy server.
2.
3.
4. What are LOC records, and are they supported by SmartWhois?
5. When running a batch query, you get only a certain percentage of the domains/IP addresses processed. Why are some of the records unavailable?
Internet Connection Required
Yes
No
Platform Supported
[x] Classroom
[x] iLabs
Lab
Lab Scenario
Using the information
in the previous
tester to thoroughly learn about the organization's network environment for possible vulnerabilities.
Taking all the information gathered into account,
routes of attack. The same
and troubleshoot
Here you will be guided to trace the network route using the tool
Lab Objectives
The objective of this lab is to help students research email addresses, network paths, and IP addresses. This lab helps to determine what ISP, router, or servers are responsible for a network problem.
Lab Environment
In the lab you need:
Path Analyzer Pro: Path Analyzer Pro is located at D:\CEH-Tools\CEHv8
You can also download the latest version of Path Analyzer Pro from the link http://www.pathanalyzer.com/download.opp
If you decide to download the latest version, then screenshots shown in the lab might differ
Install this tool on Windows Server 2012
Double-click PAPro27.msi
Follow the wizard driven installation to install it
Administrator privileges to run
Lab Duration
Time: 10 Minutes
route path and transit times of packets across an Internet protocol (IP) network. The traceroute tool is available on almost all Unix-like operating systems. Variants, such as tracepath
on Microsoft
Traceroute is a system administrators utility to trace the route IP
Lab Tasks
1. Follow the wizard-driven installation steps to install Path Analyzer Pro
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
FIGURE 6.1: Windows Server 2012 Desktop view
3. To launch
within seconds by generating a simple report
FIGURE 6.2: Windows Server 2012 Apps
4. Click the Evaluate button on Registration Form
5. The main window of Path Analyzer Pro appears as shown in the following screenshot
order to solicit an RST or
FIGURE 6.3: The Path Analyzer Pro Main window
6. Select the ICMP protocol in the Standard Options
FIGURE 6.4: The Path Analyzer Pro Standard Options
7.
in the Length of packet
their default settings.
Note: Firewall is required to be disabled for appropriate output
its target, be it an IP address, a hostname, or an email address.
benefits:
Research IP addresses,
Pinpoint and troubleshoot network availability and performance issues
router, or server is responsible for a network problem impacting connections
Visually analyze a network's path characteristics
FIGURE 6.5: The Path Analyzer Pro Advanced Probe Details window
8. In the Advanced Tracing Details section, the options remain at their default settings.
9. Check Stop on control messages (ICMP) in the Advance Tracing Details section
Smart as default (65535).
FIGURE 6.7: A Path Analyzer Pro Advance Tracing Details option
Note: Path Analyzer
FIGURE 6.8: A Path Analyzer Pro Advance Tracing Details option
12. Enter the Type time of trace in the previously mentioned format as
FIGURE 6.9: The Path Analyzer Pro Type time of trace option
TASK 2
Trace Reports
13. While Path Analyzer Pro performs this trace, the Trace tab changes automatically to Stop.
FIGURE 6.10: A Path Analyzer Pro Target Option
Report tab to display a linear chart depicting the number of hops between you and the target.
The Advanced Probe Details settings determine how probes are generated to perform the trace. These include the Length of packet, Lifetime, Type of
FIGURE 6.11: A Path Analyzer Pro Target option
Length of packet: This option allows you to
general rule, is approximately 64 bytes, depending on the protocol used. The maximum size of
jumbo frames.
REGISTRIES
The organization name on file at the registrar for this IP is Google Inc. and the organization associated with the originating autonomous system is Google Inc.
INTERCEPT
The best point of lawful intercept is within the facilities of Google Inc.
FIGURE 6.12: A Path Analyzer Pro Target option
TASK 3
View Charts
FIGURE 6.13: The Path Analyzer Pro Chart Window
TASK 4
View Imaginary Map
FIGURE 6.14: The Path Analyzer Pro chart window
TASK 5
Vital Statistics
Maximum TTL: The
FIGURE 6.15: The Path Analyzer Pro Statistics window
FIGURE 6.16: The Path Analyzer Pro Save Report As window
20. By default, the report will be saved at
Analyzer Pro 2.7. However, you may change it to your preferred location.
and the target. It is set to Random as the default, but you can choose another starting number by
FIGURE 6.17: The Path Analyzer Pro Save Report As window
Lab Analysis
Document the IP addresses that are traced for the lab for further information.
Tool/Utility: Path Analyzer Pro
Information Collected/Objectives Achieved:
Report: Number of hops, IP address, Hostname, ASN, Network name, Latency
Synopsis: Displays summary of valuable information on DNS, Routing, Registries, Intercept
Charts: Trace results in the form of chart
Geo: Geographical view of the path traced
Stats: Statistics of the trace
Questions
1. What is the standard deviation measurement, and why is it important?
2.
3.
network?
Internet Connection Required
[x] Yes
No
Platform Supported
[x] Classroom
iLabs
Lab Scenario
In the previous lab, you gathered information such as number of hops between a host and client,
next router. The number of hops determines the distance between the source and
IP address, etc. As you know, data packets often have to go
email headers and their related details to be able to track
eMailTrackerPro tool.
Lab Objectives
The objective of this lab is to demonstrate email tracing using eMailTrackerPro. Students will learn how to:
Trace an email to its true geographical source
(ISP) and
for any email traced
Lab Environment
In the lab, you need the eMailTrackerPro tool.
eMailTrackerPro is located at D:\CEH-Tools\CEHv8 Module 02
You can also download the latest version of eMailTrackerPro from the
If you decide to download the latest version, then screenshots shown in the lab might differ
Run this tool in Windows Server 2012
This lab requires a valid email account
We suggest you sign up with any of these services to obtain a new email account for this lab
Please do not use your real email accounts and
these exercise
Lab Duration
Time: 10 Minutes
Overview of eMailTrackerPro
Email tracking is a method to monitor or spy on email delivered to the intended recipient:
When an email message was received and read
If destructive email is sent
The GPS location and map of the recipient
The time spent reading the email
Whether or not the recipient visited any links sent in the email
PDFs and other types of attachments
Lab Tasks
TASK
Trace an Email
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop
FIGURE 7.1: Windows Server 2012 Desktop view
2.
eMailTrackerPro
FIGURE 7.2: Windows Server 2012 Apps
3.
4.
Now you are ready to start tracing email headers with eMailTrackerPro
5.
FIGURE 7.3: The eMailTrackerPro Main window
6.
7. Select
copy the email header from the email you wish to trace and paste it in
under Enter Details and click Trace
eMailTrackerPro by Visualware
Enter Details
To proceed, paste the email headers in the box below
Note: If you are using Microsoft Outlook, you can trace an email message directly from Outlook by using the eMailTrackerPro shortcut on the toolbar.
Email headers
Return-Path: <rinimatthews@gmail.com>
Received: from WINMSSELCK4K41 ([202.53.11.130]) by mx.google.com with
id wi63ml5681298pbc.35.2012.07.25.21.14.41 (version=TLSv1/SSLv3
cipher=OTHER); Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
Message-ID: <5010c432.86f1440a.39bc.331c@mx.google.com>
Date: Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
From: Microsoft Outlook <rinimatthews@gmail.com>
FIGURE 7.4: The eMailTrackerPro by Visualware Window
TASK 2
Finding Email Header
Note: In Outlook, find the email header by following these steps:
Double-click the email to open it in a new window
Click the small arrow in the lower-right corner of the Tags toolbar box to open Message Options information box
displayed in the screenshot
FIGURE 7.5: Finding Email Header in Outlook 2010
8. Clicking the Trace button will direct you to the Trace report window
9.
Email
addresses may vary. You can also view the summary by selecting
on the right side of the window
in the route with the IP and suspected locations for each hop
11. IP address might be different than the one shown in the screenshot
FIGURE 7.6: eMailTrackerPro Email Trace Report
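What a header trace like the one in this lab works from, as an added example (not code from the lab manual or from eMailTrackerPro): it reads the `Received` headers oldest-first, records the IP each receiving server logged, and marks the hops an analyst should not take at face value. The sample message, its hostnames, the `trusted_by` set and the flag names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Constructed message: documentation addresses (RFC 5737) and example domains.
# The bottom Received line imitates a header forged by the sender.
SAMPLE = """\
Return-Path: <sender@example.org>
Received: from mx.example.net ([10.0.0.3])
        by store.example.net with ESMTP id c3;
        Wed, 25 Jul 2012 21:14:45 -0700 (PDT)
Received: from relay.example.org (relay.example.org [198.51.100.25])
        by mx.example.net with ESMTPS id b2;
        Wed, 25 Jul 2012 21:14:44 -0700 (PDT)
Received: from WORKSTATION1 ([203.0.113.130])
        by relay.example.org with ESMTPSA id a1;
        Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
Received: from mail.bank.example ([192.0.2.7])
        by gateway.bank.example with SMTP id z9;
        Wed, 25 Jul 2012 21:20:00 -0700 (PDT)
Message-ID: <constructed.1@example.org>
Date: Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
From: Sender <sender@example.org>
Subject: constructed sample

body
"""

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def parse_received(value):
    """Split one Received header into the fields a trace report shows."""
    flat = " ".join(value.split())               # undo header folding
    info, sep, date = flat.rpartition(";")       # timestamp follows the last ';'
    if not sep:
        info, date = flat, ""
    sender, receiver = FROM_RE.search(info), BY_RE.search(info)
    ip = None
    match = IP_RE.search(info)
    if match:
        try:
            ip = ip_address(match.group(1))
        except ValueError:
            ip = None
    try:
        when = parsedate_to_datetime(date.strip())
    except (TypeError, ValueError):              # missing or malformed date
        when = None
    flags = []
    if ip is not None and any(ip in net for net in RFC1918):
        flags.append("rfc1918")                  # internal hop, no public whois/geo data
    return {
        "from": sender.group(1) if sender else None,   # name the sending host claimed
        "by": receiver.group(1) if receiver else None,
        "ip": str(ip) if ip is not None else None,     # address the receiver recorded
        "time": when, "delay": None, "flags": flags,
    }


def trace(raw):
    """Return hops ordered from claimed origin to final delivery."""
    msg = message_from_string(raw)
    # Every server prepends its header, so the oldest hop is the last one.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    for prev, hop in zip(hops, hops[1:]):
        if prev["time"] and hop["time"]:
            hop["delay"] = (hop["time"] - prev["time"]).total_seconds()
            if hop["delay"] < 0:                 # older hop is stamped later: skew or forgery
                prev["flags"].append("timestamp-after-next-hop")
    return hops


def earliest_trusted_source(hops, trusted_by):
    """IP recorded by the oldest header in an unbroken chain of trusted servers."""
    candidate = None
    for hop in reversed(hops):                   # newest header first
        if hop["by"] not in trusted_by:
            break                                # anything older may be sender-supplied
        if hop["ip"] is not None:
            candidate = hop["ip"]
    return candidate


if __name__ == "__main__":
    for n, hop in enumerate(trace(SAMPLE), 1):
        print(n, hop["from"], hop["ip"], "->", hop["by"], hop["delay"], hop["flags"])
    print(earliest_trusted_source(trace(SAMPLE), {"store.example.net", "mx.example.net"}))
```

Only the bracketed address written by a server you control is dependable; the `from` name and every header below the first untrusted relay are supplied by the sending side.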
TASK 3
Trace Reports
12. You can view the complete trace report on My Trace Reports tab
FIGURE 7.7: The eMailTrackerPro - My Trace Reports tab
Lab Analysis
Document all the live emails discovered during the lab with all additional information.
emailTrackerPro can detect abnormalities in the
Tool/Utility: eMailTrackerPro
Information Collected/Objectives Achieved:
Map: Location of traced email in GUI map
Table: Hop in the route with IP
Email Summary: Summary of the traced email: From & To email address, Date, Subject, Location
Trace Information: Subject, Sender IP, Location
Questions
1.
message?
2. What are email Internet headers?
3.
4.
forwarded?
5. Evaluate whether an email message can be traced regardless of when it was sent.
Internet Connection Required
[x] Yes
No
Platform Supported
[x] Classroom
iLabs
Lab Scenario
As you all know, email is one of the important tools that has been created. Unfortunately, attackers have misused emails to send spam to communicate in
In such instances, it becomes necessary for penetration testers to trace an email to find the source of email especially where a crime has been committed using email. You have already learned in the
to provide such information as city, state, country, etc. from where the email was actually sent.
The majority of penetration testers use the Mozilla Firefox as a web browser for
Firebug for a web application penetration test and gather complete information. Firebug can prove to be a useful debugging tool that can help you track rogue JavaScript code on servers.
Lab Objectives
The objective of this lab is to help students learn editing, debugging, and monitoring CSS, HTML, and JavaScript in any websites.
Lab Environment
In the lab, you need:
A web browser with an Internet connection
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
CEH Lab Manual Page 55
Ethical Hacking and Countermeasures Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Lab Duration
Time: 10 Minutes
Overview of Firebug
Firebug is an add-on tool for Mozilla Firefox. Running Firebug displays information such as directory structure, internal URLs, cookies, session IDs, etc.
Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
Firebug includes a lot of features such as debugging, HTML inspecting, profiling and etc. which are very useful for web development.
FIGURE 8.1: Windows Server 2012 Desktop view
2. On the Start menu, click Mozilla Firefox to launch the browser
Firebug features:
Javascript debugging
Javascript CommandLine
XmlHttpRequest
Logging
Tracing
Performance and
Edit CSS
3. Type the URL
in the Firefox browser and click Install Firebug
TASK
Installing Firebug
FIGURE 8.3: Windows Server 2012 - Apps
4.
F I G U R E 8 .4: W i n d o w s S e r v e r 2 0 1 2 A p p s
5.
FIGURE 8.5: Windows Server 2012 Apps
6. Click the Install Now button in
FIGURE 8.6: Windows Server 2012 Apps
7. Once the Firebug Add-On is installed, it will appear as a grey colored bug on the Navigation Toolbar as highlighted in the following screenshot
FIGURE 8.7: Windows Server 2012 Apps
8. Click the Firebug icon to view the Firebug pane.
9.
offers a JavaScript command line, lists all kinds of messages and offers a profiler for JavaScript commands.
10. Enabling the Console panel displays all the requests by the page. The one highlighted in the screenshot is the Headers tab
11. In this lab, we have demonstrated http://www.microsoft.com
12. The Headers tab displays the Response Headers and Request Headers by the website
styles of the different files of a page containing CSS. It
in which you can edit the content of the CSS files directly via a text area.
FIGURE 8.9: Windows Server 2012 Apps
Params, Response, HTML, and Cookies hold important information about the website
14. The HTML panel displays information such as source code, internal URLs of the website, etc.
HTML/XML of the currently opened page. It
manipulations on the
FIGURE 8.10: Windows Server 2012 Apps
by hovering the mouse cursor on the Timeline graph for a request
Net Panel's purpose is to monitor HTTP traffic initiated by a web page and present all collected and computed information to the user. Its content is composed of a list of entries where each entry represents one request/response round trip made by the page.
FIGURE 8.11: Windows Server 2012 Apps
16. Expand a request in the Net panel to get detailed information on Params, Headers, Response, Cached, and Cookies. The screenshot that follows shows the Cache information
powerful debugging tool based on features like different kinds of breakpoints, step-by-step execution of scripts, a
and more.
FIGURE 8.12: Windows Server 2012 Apps
17. Expand a request in the Cookies panel to get information on a cookie Value, Raw data, JSON, etc.
website as text file. Therefore the Save as dialog is opened allowing you to select the path and choose a name for the exported file.
FIGURE 8.13: Windows Server 2012 Apps
Note: You can find information related to the CSS, Script, and DOM panel on the respective tabs.
Lab Analysis
Collect information such as internal URLs, cookie details, directory structure, session IDs, etc. for different websites using Firebug.
Tool/Utility: Firebug
Information Collected/Objectives Achieved:
Server on which the website is hosted: Microsoft IIS/7.5
Development Framework: ASP.NET
HTML Source Code using JavaScript, jQuery, Ajax
Other Website Information:
Internal URLs
Cookie details
Directory structure
Session IDs
Questions
1. Determine the Firebug error message that indicates a problem.
2. After editing pages within Firebug, how can you output all the changes that you have made to a site's CSS?
3. In the Firebug DOM panel, what do the different colors of the variables mean?
4. What does the different color line indicate in the Timeline request in the Net panel?
Internet Connection Required
[x] Yes
[ ] No
Platform Supported
[x] Classroom
[ ] iLabs
Lab Scenario
Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.
You have learned in the previous lab to extract information from a web application using Firebug. As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted. An attacker can also use Firebug to see what JavaScript was downloaded and evaluated. Attackers can modify a request before it's sent to the server using Tamper Data. If they discover any SQL or cookie vulnerabilities, attackers can perform a SQL injection attack and can tamper with cookie details of a request before it's sent to the server. Attackers can use such vulnerabilities to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes. Therefore, as a penetration tester, you should have an updated antivirus protection program to attain Internet security.
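The headers and cookies that Firebug's Headers and Cookies tabs display are also what a reviewer checks for the interception risk described above. The Python below is an added example, not part of the lab manual: it audits one response for product-disclosing headers and for cookies missing the Secure, HttpOnly, or SameSite attributes. The sample response, cookie names, and severity labels are assumptions made for illustration; the Server and framework values are the ones recorded in the Firebug Lab Analysis.

```python
import re

# Constructed sample of one response as the Headers tab would list it.
# Server / X-Powered-By values come from the Lab Analysis table; the
# X-AspNet-Version value and all cookies are made up for this example.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=constructedvalue123; path=/; HttpOnly
Set-Cookie: prefs=lang=en; path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: tracking=abc; path=/
"""

DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}
SESSION_HINT = re.compile(r"sess|auth|token", re.IGNORECASE)  # assumed naming hint
REQUIRED_ATTRS = ("secure", "httponly", "samesite")


def parse_headers(raw):
    """Return (name, value) pairs; repeated headers such as Set-Cookie are kept."""
    headers = []
    for line in raw.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                       # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, cookie_value, attrs


def audit_response(raw):
    """Return findings as (severity, subject, issue) tuples."""
    findings = []
    for name, value in parse_headers(raw):
        if name in DISCLOSURE_HEADERS:
            issue = "discloses version" if re.search(r"\d", value) else "discloses product"
            findings.append(("low", name, f"{issue}: {value}"))
        elif name == "set-cookie":
            cookie, _value, attrs = parse_set_cookie(value)
            is_session = bool(SESSION_HINT.search(cookie))
            for attr in REQUIRED_ATTRS:
                if attr not in attrs:
                    # A session cookie without Secure can travel over plain HTTP;
                    # without HttpOnly it is readable by page script.
                    high = is_session and attr in ("secure", "httponly")
                    findings.append(("high" if high else "medium", cookie, f"missing {attr}"))
    return findings


if __name__ == "__main__":
    for severity, subject, issue in audit_response(SAMPLE_RESPONSE):
        print(f"[{severity:6}] {subject}: {issue}")
```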
Lab Objectives
The objective of this lab is to help students learn how to mirror websites.
Lab Environment
To carry out the lab, you need:
Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Website Mirroring Tools\HTTrack Website Copier
You can also download the latest version of HTTrack Web Site Copier from the link http://www.httrack.com/page/2/en/index.html
If you decide to download the latest version, then screenshots shown in the lab might differ
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance
Lab Duration
Time: 10 Minutes
Web mirroring allows
recursively all directories.
other files from the server to your computer.
Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
FIGURE 9.1: Windows Server 2012 Desktop view
2. In the Start metro apps, click WinHTTrack to launch the application WinHTTrack
WinHTTrack works as a command-line program
FIGURE 9.2: Windows Server 2012 Apps
Task: Mirroring a Website
3. In the WinHTTrack main window, click Next to create a New Project
Quickly updates downloaded sites and resumes interrupted downloads (due to
FIGURE 9.3: HTTrack Website Copier Main Window
4. Enter the
Select the Base path to store the copied files. Click Next
(accept/refuse: link, all
FIGURE 9.4: HTTrack Website Copier selecting a New Project
5. Enter
then click the Set options button
Timeout and minimum
FIGURE 9.5: HTTrack Website Copier - Select a project a name to organize your download
6. Clicking the
WinHTTrack window
7.
shown in the following screenshot and click OK
one image folder), dos 8-3 filenames option and user-defined structure
FIGURE 9.6: HTTrack Website Copier - Select a project a name to organize your download
Then, click Next
analysis, including javascript code/embedded HTML code
FIGURE 9.7: HTTrack Website Copier - Select a project a name to organize your download
9.
Proxy support to
FIGURE 9.8: HTTrack Website Copier - Type or drop and drag one or several Web addresses
HTTrack can also update an existing mirrored site and resume interrupted downloads. HTTrack is fully configurable by options and by filters
FIGURE 9.9: HTTrack Website Copier displaying site mirroring progress
or refused sites or filename (with advanced wild cards).
the site mirroring is completed. Click
FIGURE 9.10: HTTrack Website Copier displaying site mirroring progress
13. Clicking the
button will launch the mirrored
Note: If the web page does not open for some reason, navigate to the directory where you have mirrored the website and open index.html with
Use bandwidth limits, connection limits, size
FIGURE 9.11: HTTrack Website Copier Mirrored Website Image
complete site
15. If you wish to stop the mirroring process prematurely, click Cancel in
Lab Analysis
Document the mirrored website directories, getting HTML, images, and other files.
Tool/Utility: HTTrack Web Site Copier
Information Collected/Objectives Achieved: Offline copy of the website www.certifiedhacker.com is created
Questions
5. How do you retrieve the files that are outside the domain while mirroring a website?
6.
7. Can HTTrack perform form-based authentication?
8. Can HTTrack execute HP-UX or ISO 9660 compatible files?
9. How do you grab an email address in web pages?
Internet Connection Required
[ ] Yes
[x] No
Platform Supported
[x] Classroom
[x] iLabs
Lab Scenario
Attackers continuously look for the easiest method to collect information. There are many tools available with which attackers can extract a company's database. Once they have access to the database, they can gather employees' email addresses and phone numbers, the company's internal URLs, etc. With the information gathered, they can send spam emails to the employees to fill
URLs. They may also install malicious viruses to make the database inoperable.
As an expert penetration tester, you should be able to think from an attacker's perspective and try all possible ways to gather information on organizations. You should be able to collect all the
of an organization and implement security features to prevent company data leakage. In this lab, you will learn to use Web Data Extractor to extract a company's data.
Lab Objectives
The objective of this lab is to demonstrate how to extract a company's data using
Extract Meta Tag, Email, Phone/Fax from the web pages
Lab Environment
To carry out the lab you need:
Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02
You can also download the latest version of Web Data Extractor from the link http://www.webextractor.com/download.htm
If you decide to download the latest version, then screenshots shown in the lab might differ
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8,
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance
Lab Duration
Time: 10 Minutes
Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
FIGURE 10.1: Windows 8 Desktop view
Task: Extracting a Website
2. In the
to launch the application Web Data Extractor
WDE - Phone, Fax Harvester module is designed to spider the web for fresh Tel, FAX numbers targeted to the group that you want to market your product or services to
FIGURE 10.2: Windows 8 Apps
3. Web Data Extractor's main window appears. Click New to start a new session
filter, page text filter,
FIGURE 10.3: The Web Data Extractor main window
Starting URL field.
Select
OK
automatically get lists of meta-tags, e-mails, phone and fax numbers, etc. and store them in different formats for future use
for some sites before
FIGURE 10.4: Web Data Extractor the Session setting window
6.
It supports operation through proxy-server and works very fast, as it is able to load several pages simultaneously, and requires very few resources. Powerful, highly targeted email spider harvester
FIGURE 10.5: Web Data Extractor initiating the data extraction windows
7. (emails, phones, faxes, etc.). Once the data extraction process is completed, an Information dialog box appears. Click OK
module is designed to extract URL, meta tag (title, description, keyword) from web-pages, search results, open web directories, list of urls from local file
FIGURE 10.6: Web Data Extractor Data Extraction windows
The extracted information can be viewed by clicking the tabs
FIGURE 10.7: Web Data Extractor Data Extraction windows
Select the Meta tags tab to view the URL, Title, Keywords, Description, Host, Domain, and Page size information
If you want WDE to stay within first page, just select "Process First Page Only". A setting of "0" will
process index or home page with
website. A
associated files under root dir only.
FIGURE 10.8: Web Data Extractor Extracted emails windows
WDE sends queries to search engines to get matching website URLs. Next it visits those matching websites for data extraction. How deep it spiders in the matching websites depends on the "Depth" setting of the "External Site" tab
FIGURE 10.9: Web Data Extractor Extracted Phone details window
11. Select the Phones tab to view the information related to phone like Phone number, Source, Tag, etc.
FIGURE 10.10: Web Data Extractor Extracted Phone details window
File and click Save session
14. Specify the session name in the Save session dialog box and click OK
Lab Analysis
Document all the Meta Tags, Emails, and Phone/Fax.
Tool/Utility: Web Data Extractor
[x] No
Platform Supported
[x] Classroom
[x] iLabs
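The Meta tags, Emails, and Phones tabs list what any crawler can collect from published pages, which is the data leakage the Lab Scenario asks you to prevent. As an added example (not part of the lab manual or of Web Data Extractor), the Python below inventories the same categories across a local mirror of your own site so each exposed value can be traced to the page that publishes it. The pages, addresses, and numbers are constructed, and the phone pattern is a loose assumption whose hits need manual review.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Loose on purpose: also matches long dotted numbers, so review every hit.
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)")

# Constructed pages standing in for files in a local mirror of your own site.
MIRROR = {
    "index.html": """<html><head><title>Example Co</title>
<meta name="description" content="Recipes and booking">
<meta name="generator" content="ExampleCMS 1.2">
</head><body><p>Call 1-800-555-0100 or write to sales@example.com</p>
<script>var x = "noreply@example.com";</script></body></html>""",
    "contact.html": """<html><head><meta name="author" content="J. Doe"></head>
<body><a href="mailto:support@example.com?subject=Hi">Support</a>
<a href="tel:+1-800-555-0100">Phone</a>
<p>Fax: (800) 555-0199</p></body></html>""",
}


def normalize_phone(text):
    """Keep digits only so differently formatted copies of a number merge."""
    return re.sub(r"\D", "", text)


class ExposureParser(HTMLParser):
    """Collect meta tags, e-mail addresses and phone numbers from one page."""

    def __init__(self):
        super().__init__()
        self.meta, self.emails, self.phones = {}, set(), set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and attrs.get("name") and attrs.get("content"):
            self.meta[attrs["name"].lower()] = attrs["content"]
        elif tag == "a":
            href = attrs.get("href") or ""
            if href.lower().startswith("mailto:"):
                self.emails.add(href[7:].split("?")[0].lower())
            elif href.lower().startswith("tel:"):
                self.phones.add(normalize_phone(href[4:]))

    def handle_data(self, data):
        # Script bodies arrive here too; an address inside a script is still exposed.
        self.emails.update(e.lower() for e in EMAIL_RE.findall(data))
        self.phones.update(normalize_phone(p) for p in PHONE_RE.findall(data))


def audit_mirror(pages):
    """Map each exposed value to the list of pages that publish it."""
    report = {"emails": {}, "phones": {}, "meta": {}}
    for path, html in sorted(pages.items()):
        parser = ExposureParser()
        parser.feed(html)
        parser.close()
        for email in parser.emails:
            report["emails"].setdefault(email, []).append(path)
        for phone in parser.phones:
            report["phones"].setdefault(phone, []).append(path)
        if parser.meta:
            report["meta"][path] = parser.meta
    return report


if __name__ == "__main__":
    result = audit_mirror(MIRROR)
    for kind in ("emails", "phones"):
        for value, where in sorted(result[kind].items()):
            print(f"{kind[:-1]:5} {value:22} {', '.join(where)}")
    for path, meta in result["meta"].items():
        print(f"meta  {path}: {meta}")
```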
Identifying Vulnerabilities and Information Disclosures in Search Engines using Search Diggity
Search Diggity is the primary attack tool of the Google Hacking Diggity Project. It is an MS Windows GUI application that serves as a front-end to the latest versions of Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.
L a b S c e n a r io
A n easy way to find vulnerabilities 111 websites and applications is to Google
them, which is a simple method adopted by attackers. Using a Google code
search, hackers can identify crucial vulnerabilities 111 application code stnngs,
providing the entry point they need to break through application security.
As an expert ethical hacker, you should use the same method to identify all
the vulnerabilities and patch them before an attacker identities them to exploit
vulnerabilities.
L a b O b je c t iv e s
The objective of tins lab is to demonstrate how to identity vulnerabilities and
information disclosures 111 search engines using Search Diggity. Students will learn
how to:
Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance
Lab Environment
To carry out the lab, you need:
You can also download the latest version of Search Diggity from the link http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools
If you decide to download the latest version, then screenshots shown in the lab might differ
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
Lab Duration
Time: 10 Minutes
Overview of Search Diggity
Search Diggity has a predefined query database that runs against the website to scan
the related queries.
GoogleDiggity is the primary Google hacking tool, utilizing the Google JSON/ATOM Custom Search API to identify vulnerabilities and
Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left
corner of the desktop
2. In the Start menu, to launch Search Diggity click the Search Diggity
3. The Search Diggity main window appears with Google Diggity as the default
Queries: Select Google dorks (search queries) you wish to use in scan by checking appropriate boxes.
4. Select Sites/Domains/IP Ranges and type the domain name in the
domain field. Click Add
Download Button - Select (highlight) one or
to download the search result files locally to your computer. By default, downloads to
5. The added domain name will be listed in the box below the Domain
field
Import Button
run against Google with site:yourdomainname.com appended to it.
6. Now, select a Query from the left pane you wish to run against the website
that you have added in the list and click Scan
Note: In this lab, we have selected the query SWF Finding Generic. Similarly,
you can select other queries to run against the added website
Results Pane - As
begin populating in this window pane.
Not using Custom Search ID.
Request Delay Interval: [0ms - 120000ms].
Not using proxies.
Simple Scan Started. [8/7/2012 6:53:23 pm]
Found 70 result(s) for query: ext:swf site:microsoft.com .
All the URLs that contain the SWF extensions will be listed and the
output will show the query results
Output: General output describing the progress of the scan and parameters used.
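The scan in steps 4 to 6 appends `site:` plus your domain to each selected query; the same scoping can be evaluated offline against a crawl inventory of your own site to see which pages a query would expose. This is an added example, not part of the lab manual or of Search Diggity: the inventory, the two queries other than `ext:swf`, and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample data; only "ext:swf" is the query the lab itself runs.
INVENTORY = [  # (url, page title) pairs from a crawl of your own site
    ("http://www.example.com/flash/tour.swf", "Start the Tour"),
    ("http://dev.example.com/admin/login.php", "Admin Login"),
    ("http://www.example.com/backup/", "Index of /backup"),
    ("http://www.notexample.com/intro.swf", "Intro"),  # different domain
]
DORKS = {
    "SWF Finding Generic": "ext:swf",
    "Directory listing": 'intitle:"index of"',
    "Admin login": "inurl:admin intitle:login",
}

def parse_dork(dork):
    """Split a dork into (operator, value) terms; bare words become 'text'."""
    terms = []
    for m in re.finditer(r'(?:(\w+):)?("([^"]*)"|\S+)', dork):
        value = m.group(3) if m.group(3) is not None else m.group(2)
        terms.append(((m.group(1) or "text").lower(), value.lower()))
    return terms

def matches(terms, url, title):
    """True only if every term holds; site: means the domain or a subdomain."""
    parsed = urlparse(url)
    host, path = (parsed.hostname or "").lower(), parsed.path.lower()
    checks = {
        "site": lambda v: host == v or host.endswith("." + v),
        "ext": lambda v: path.endswith("." + v),
        "inurl": lambda v: v in url.lower(),
        "intitle": lambda v: v in title.lower(),
        "text": lambda v: v in title.lower() or v in url.lower(),
    }
    for op, value in terms:
        if op not in checks:
            raise ValueError(f"unsupported operator: {op}")
        if not checks[op](value):
            return False
    return True

def audit(domain, dorks, inventory):
    """Append site:<domain> to every dork and list the pages each one exposes."""
    report = {}
    for name, dork in dorks.items():
        terms = parse_dork(f"{dork} site:{domain}")
        report[name] = [u for u, t in inventory if matches(terms, u, t)]
    return report
```

Calling `audit("example.com", DORKS, INVENTORY)` returns a dictionary keyed by query name; every URL it lists is a candidate for removal, access control, or a crawler exclusion.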
Lab Analysis
Collect the different error messages to determine the vulnerabilities and note the
information disclosed about the website.
Tool/Utility: Search Diggity
Questions
Is it possible to export the output result for Google Diggity? If yes,
how?
No
Platform Supported: Classroom, iLabs