FOOTPRINTING AND SCANNING
Written by: Nirav Patel Contact links: facebook.com/patelniravv twitter.com/niravvhackky
Topics to be covered
What is HDLC
What is a shared server
What is a dedicated server
How to check whether a website is on a shared or dedicated server
What is footprinting
Website and tool used in footprinting
How to do footprinting
What is scanning
Types of scanning
Tool used in scanning
How to do scanning
How to create a scanning report
Explanation of the last three steps of HDLC
How to be anonymous on the internet
1|Page
What is HDLC
In this tutorial HDLC stands for Hackers Development Life Cycle: the step-by-step plan an attacker prepares before going after a target. (Outside this tutorial the abbreviation HDLC normally refers to the High-Level Data Link Control protocol, which is unrelated.)
Fig: Hackers Development Life Cycle (HDLC)
Steps:
Step-1: Reconnaissance/Footprinting
Step-2: Scanning
Step-3: Gaining Access
Step-4: Maintaining Access
Step-5: Covering Tracks
Every capable attacker, black hat or white hat, works through steps 1 and 2; an unplanned attack is the mark of a script kiddie, not of a professional criminal. What separates an ethical/professional/white hat hacker is that the steps are carried out with the owner's written authorization and the results are used to secure the information and to document how an attack would have succeeded. Let us go through some basic concepts about servers and then proceed with our module, Footprinting and Scanning.
What is Shared Server
A shared server refers to a web hosting service where many websites are hosted on one web server. Each website gets its own account and directory on the server so that it is separated from the other websites, but they all run on the same operating system, web server and often the same database service. Because the hardware is shared between many customers, the maintenance cost is low. The top-level domain of a site (.com, .co, .org, .in, etc.) has nothing to do with where it is hosted; any domain can be pointed at a shared server.
The above figure shows that many websites are hosted on the shared server with different domains.
Remember: A website on a shared server inherits the risk of its neighbours. Many unrelated sites share the same machine, and if the hosting provider has not isolated the accounts properly (separate users, no world-readable directories, no shared database credentials), a single vulnerable website can be used as a foothold to read or modify the files of every other site on that server. So be careful while hosting your website on a shared server, and ask the provider how accounts are isolated.
What is Dedicated Server
A dedicated server refers to a web hosting service where the whole server belongs to a single customer and is not shared with any other customer's website. The customer may still host many websites and many domains on it; the point is that all of them are under the same owner's control.
Fig: Reverse IP lookup of www.manipal.edu. The black rectangle marks an unrelated mistake on the website; the lookup itself shows that www.manipal.edu is hosted on a dedicated server.
Remember: A dedicated server removes the risk that a neighbouring customer's site is the way in, because there are no neighbouring customers. It does not make the websites themselves any harder to hack: a vulnerability in one of the hosted applications is exploited exactly the same way, and since all the sites on the box usually run under one owner's configuration, a compromise of one of them tends to give access to the rest.
Check website Shared or Dedicated
Let us check whether a website is hosted on a shared or a dedicated server. There is a useful website for this, suggested by RAHUL TYAGI. Follow the steps below.
Name of the website: www.yougetsignal.com
Step-1: Open the above link in any browser.
Step-2: Look for the Reverse IP Domain Check tool. See the screenshot below.
Step-3: Click on Reverse IP Domain Check and enter the URL of the website. The tool resolves the name to an IP address and lists every other domain it knows of on that address: many unrelated domains means a shared server, a single domain (or only domains of the same owner) suggests a dedicated server. Note that a site behind a CDN or a load balancer will show hundreds of unrelated domains on the same address even though its origin server may be dedicated, so treat the result as a hint, not proof.
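The same reverse-IP reasoning done locally, as an added example that is not part of the original tutorial and does not use the yougetsignal.com service. It resolves a list of candidate names and groups them by address; a constructed resolver table stands in for DNS so it runs offline, and every name and address in it is invented (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges). The online service has a large passive-DNS database behind it; this script only knows the candidates you give it, which is the caveat to keep in mind.

```python
import socket
from collections import defaultdict

# Constructed stand-in for DNS. Every hostname and address is invented.
FAKE_DNS = {
    "shop.example.com": "203.0.113.10",
    "blog.example.net": "203.0.113.10",
    "forum.example.org": "203.0.113.10",
    "intranet.example.edu": "198.51.100.7",
}


def fake_resolve(name):
    """Resolver with the same contract as socket.gethostbyname, backed by FAKE_DNS."""
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror(f"no such host: {name}")


def group_by_address(names, resolve=socket.gethostbyname):
    """Resolve each name and group the names by the IPv4 address they map to.
    Names that do not resolve are skipped rather than aborting the whole run."""
    by_addr = defaultdict(list)
    for name in sorted(set(names)):
        try:
            by_addr[resolve(name)].append(name)
        except socket.gaierror:
            continue
    return dict(by_addr)


def hosting_report(target, candidates, resolve=socket.gethostbyname):
    """Return (address of target, other candidate names sharing that address)."""
    addr = resolve(target)
    groups = group_by_address(set(candidates) | {target}, resolve)
    others = [n for n in groups.get(addr, []) if n != target]
    return addr, others


def classify(target, candidates, resolve=socket.gethostbyname):
    """'shared' if any other candidate resolves to the target's address, else
    'dedicated'. 'dedicated' only means none of OUR candidates share the box."""
    _, others = hosting_report(target, candidates, resolve)
    return "shared" if others else "dedicated"


if __name__ == "__main__":
    for name in FAKE_DNS:
        addr, others = hosting_report(name, FAKE_DNS, fake_resolve)
        print(f"{name} -> {addr}: {classify(name, FAKE_DNS, fake_resolve)} {others}")
```

Pass `resolve=socket.gethostbyname` (the default) and a real candidate list to run it against live DNS; the constructed resolver is there so the logic can be checked without network access.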
That covers shared and dedicated servers. Now let us come to the module Footprinting and Scanning.
What is Footprinting
This is the first step of HDLC. It is also known as information gathering. Footprinting is used to collect information about the target without touching its systems directly (public registries, DNS, search engines). It is an important step because it gives the attacker a head start in planning the attack; skipping it is what script kiddies do, and it is the reason their attacks fail. After footprinting, the following information can be gathered from the domain registration (WHOIS) record:
1) IP address
2) Creation date
3) Last updated date
4) Expiry date
5) Registrant name
6) Registrant address
7) Registrant phone number
8) Registrant email id
Note that since 2018 most registrars redact the registrant's name, address, phone and email in public WHOIS output, so items 5 to 8 are frequently shown as "REDACTED FOR PRIVACY".
The contact details collected this way are what makes a targeted attack on the people behind the site possible; the one use of them covered in this series is email hacking (phishing the registrant or administrator). The shared/dedicated server check explained above is also part of footprinting, because it tells you how many other sites share the target's server. *A tutorial on email hacking will be uploaded soon.
Website and tool used in footprinting
Many online websites exist for footprinting, i.e. information gathering. The one used here is:
Name of website: www.who.is
Step-1: Open the above URL in a browser.
Step-2: Enter the domain name you are gathering information about and click the search button. You will see all the relevant WHOIS information about the domain on the next screen. For other online lookup sites, google "whois lookup".
Tool used in Footprinting
Many tools are available on the internet; the one used here is a classic Windows footprinting utility suggested by RAHUL TYAGI.
Tool name: SamSpade
Link: softpedia.com/dyn-postdownload.php?p=34862&t=4&i=1
Step-1: Download SamSpade and open it.
Step-2: Enter the domain name in the address box and run the WHOIS query.
The information gathered by the tool and by the website is the same, because both are just clients for the WHOIS protocol (a plain-text query to TCP port 43 of the registry server). The information gathered by footprinting is not enough on its own for a successful attack: a registrant's name and address tell you nothing about what software the target runs. That is what the scanning step is for.
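Both who.is and SamSpade are front-ends for the same raw WHOIS query, so as an added example (not code from the tutorial or from either tool) here is a minimal WHOIS client plus a parser that pulls out exactly the fields listed under "What is Footprinting". `query_whois` needs network access and is not exercised offline; `parse_whois` is run against a constructed response whose domain, dates, contacts and name servers are all invented. The registrant fields in the sample are deliberately redacted, because that is what real output usually looks like today.

```python
import socket

# Constructed WHOIS response in the "Key: value" layout used by most registries.
# Every value is invented for this example.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Updated Date: 2023-08-14T07:01:38Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2024-08-13T04:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Org
Registrant Street: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""

# Field we want -> labels different registries use for it (first match wins).
FIELDS = {
    "creation_date": ("Creation Date", "Created On"),
    "updated_date": ("Updated Date", "Last Updated On"),
    "expiry_date": ("Registry Expiry Date", "Expiration Date", "Expiry Date"),
    "registrant_name": ("Registrant Name",),
    "registrant_org": ("Registrant Organization",),
    "registrant_phone": ("Registrant Phone",),
    "registrant_email": ("Registrant Email",),
}


def query_whois(domain, server="whois.iana.org", timeout=10):
    """Raw WHOIS (RFC 3912): send the name + CRLF on TCP/43, read until close.
    whois.iana.org answers with a referral to the registry's own server."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Reduce a WHOIS response to the footprinting fields, plus a redaction flag."""
    kv = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")):
            continue  # comments, legal notices, database timestamp
        key, sep, value = line.partition(":")
        if not sep:
            continue
        kv.setdefault(key.strip().lower(), []).append(value.strip())
    result = {}
    for field, labels in FIELDS.items():
        for label in labels:
            values = kv.get(label.lower())
            if values:
                result[field] = values[0]
                break
    result["name_servers"] = [ns.lower() for ns in kv.get("name server", [])]
    result["redacted"] = any("REDACTED" in v.upper() for values in kv.values() for v in values)
    return result


if __name__ == "__main__":
    for key, value in parse_whois(SAMPLE_WHOIS).items():
        print(f"{key:17} {value}")
```

To run it live, call `parse_whois(query_whois("example.com", "whois.verisign-grs.com"))` for a .com domain; the `redacted` flag tells you up front whether the contact details are worth anything.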
What is Scanning
Scanning is the second step in HDLC and, like footprinting, is part of information gathering; the difference is that scanning sends packets to the target's systems, so it is detectable and, without authorization, illegal. Scanning is the process used to gather actionable technical information about the target, without which an attacker cannot plan a successful attack. The following information can be obtained by scanning:
1) IP address (live hosts)
2) Operating system
3) System architecture
4) Services running on particular ports (banner grabbing)
Types of Scanning
Scanning is of three types:
1) Port scanning
2) Network scanning
3) Vulnerability scanning
Let us have a look at them.
1) Port scanning: Port scanning is used to find out which TCP/UDP ports on a host accept connections, and therefore which services it exposes. The usual first step before a port scan is host discovery: checking that the target is online and learning its IP address. To do that, open cmd and type the ping command followed by the website name, as shown in the screenshot below. Note that ping uses ICMP, not TCP, so a host that blocks ICMP will appear down even though its web server is reachable; a port scanner such as nmap tries TCP probes as well.
2) Network scanning: Network scanning extends the port scan to a whole range of addresses and collects the open ports, the services running on each port, the operating system and the system architecture of every host on the network. A practical session is given later in this tutorial.
3) Vulnerability scanning: Vulnerability scanning takes the list of services and versions found by the previous two types and checks them against known weaknesses, so that an attack (or a fix) can be planned. More details will be covered in an upcoming article. Hint: for vulnerability scanning you can use the BackTrack OS (now continued as Kali Linux), which ships with the relevant tools.
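As an added example (not from the tutorial), here is what a port scan and a banner grab actually do on the wire, written without nmap so the mechanics are visible. `tcp_connect_scan` tries a full TCP connect() to each port and reads whatever the service sends first; that greeting is the banner that reveals the service and version. To keep it runnable offline, `start_fake_service` is a constructed stand-in for a real daemon that listens on a random local port and sends an invented SSH-style banner, and `demo` scans a small window around it.

```python
import socket
import threading


def tcp_connect_scan(host, ports, timeout=0.5):
    """Connect scan: a completed three-way handshake means the port is open.
    Returns {port: banner} for open ports only; banner is '' when the service
    waits for the client to speak first (HTTP does, SSH/SMTP/FTP do not)."""
    found = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    banner = s.recv(1024).decode("utf-8", errors="replace").strip()
                except socket.timeout:
                    banner = ""
            found[port] = banner
        except OSError:
            continue  # refused, timed out or unreachable: treat as not open
    return found


def start_fake_service(banner, host="127.0.0.1"):
    """Constructed stand-in for a banner-announcing daemon. Binds port 0 so the
    OS picks a free ephemeral port; returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket closed: shut the thread down
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Scan the five ports around the fake service and return (port, results)."""
    srv, port = start_fake_service(b"SSH-2.0-OpenSSH_9.6 (constructed banner)\r\n")
    try:
        found = tcp_connect_scan("127.0.0.1", range(port - 2, port + 3))
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    live_port, results = demo()
    for p, banner in sorted(results.items()):
        print(f"{p}/tcp open  banner={banner!r}")
```

A connect scan is the noisiest kind: every probe completes the handshake and is logged by the service, which is why nmap's default SYN scan stops after the SYN/ACK. The fake service is on the loopback interface only; point `tcp_connect_scan` at a remote host only with permission.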
Tool used in Scanning
Scanning is an important step in HDLC, so the tool used for it should be the best available. The standard tool, as suggested by RAHUL TYAGI, is Nmap. Nmap itself is a command-line program available for Linux, Windows and macOS; Zenmap is its graphical front-end and is what the Windows installer below puts on the desktop, so the two names are often used interchangeably.
Tool name: Nmap (command line) / Zenmap (GUI)
Link: http://nmap.org/dist/nmap-6.25-setup.exe
How to do Scanning (Use of nmap)
Here is the step-by-step process of scanning. Follow the steps to gather information about the target.
Step-1: Open the tool (Zenmap).
Step-2: Enter the target's IP address or hostname in the Target box. The default profile ("Intense scan") corresponds to the command line nmap -T4 -A -v, which includes service version detection and OS detection.
Step-3: Click the Scan button. The screen below will appear.
Step-4: When the scanning process completes, we can check the information the tool gathered. Let us look at the open ports in the Ports/Hosts tab.
Step-5: Go to the Host Details tab to check the operating system of the server.
Note: This shows that the website is hosted on a Linux server. The percentage next to the OS name is Nmap's confidence that its TCP/IP fingerprint matches that OS (here 89%); it says nothing about how secure the server is. A low percentage only means the OS guess is unreliable, for example because a firewall or load balancer is rewriting packets in front of the real host.
How to create Scanning report
It is very easy to create a scanning report, and creating one is necessary if you are a security researcher: the client wants evidence, and you want to compare future scans against this one. Follow the steps below.
Step-1: After the scanning process is over, go to the Scan menu and select Save Scan.
Step-2: Select the destination where you want to store the report. Zenmap saves in Nmap's XML format, which is the same as running nmap with -oX from the command line and can be parsed by other tools.
That is all; you have saved your scanning report.
Explanation of Last three steps in HDLC
The third step in the Hackers Development Life Cycle is Gaining Access. This is where the actual attack on the target starts. Knowing the OS (Linux or Windows) and the service versions from the scan, the attacker picks exploits that apply to those specific versions instead of trying everything blindly. This is the most hands-on step, and the one where the quality of the earlier information gathering decides success or failure.
The fourth step in the Hackers Development Life Cycle is Maintaining Access. Consider a scenario where an attacker has broken into a website but did not find anything useful, yet expects that useful data will appear in future. He will plant a backdoor (for example a hidden web shell or an extra account) that lets him back in next time without repeating the attack. If important data is later uploaded to the website, the backdoor gives him access to it. From the defender's side this is why a breached system must be rebuilt, not just patched.
The fifth step in the Hackers Development Life Cycle is Covering Tracks. This is where the attacker removes evidence of his presence: the web server, authentication and system logs all record the connecting IP address and the requests made, and the files he uploaded give him away too. It is not a matter of deleting one file. Remember that every website you visit records your IP address in its logs, so an attacker who does not deal with the logs can easily be traced back. Note, however, that deleting logs leaves its own evidence: a gap in the log, or a missing file, is exactly what an incident responder looks for, and on a properly run server the logs have already been shipped to a separate log host that the attacker cannot reach.
How to be anonymous on internet
Remember, being anonymous on the internet is not itself a crime, but anonymity tools are what attackers rely on so that a crime committed through them cannot be traced back; the same tools are also what a penetration tester uses to see what the target's logs would show. There are several ways to be anonymous:
1) Use a proxy server
2) Use a Virtual Private Network (VPN)
3) Use a Firefox add-on
4) Use software such as proXPN, Ultrasurf, Tor Browser, etc.
1) Proxy server: A plain proxy server is the weakest option because the proxy operator sees your real IP address and usually keeps logs, so anyone who can obtain those logs can identify you. The proxy at www.anonymizer.ru is sometimes recommended as one that does not keep logs, but a proxy's logging policy is a promise you cannot verify, so do not rely on it.
2) VPN: Attackers use VPNs and recommend them because the VPN creates an encrypted tunnel and the target only sees the VPN provider's address. The provider, however, sees everything the proxy would have seen; "no logs" is again the provider's claim, and providers have handed over records when required by law. Choose one whose no-logging claim has been independently audited, and pay in a way that is not linked to you.
3) Firefox add-on: There is a well-known add-on named anonymoX. Install the add-on and activate it, and your traffic goes through its proxies. It is a commercial proxy add-on; its vendor states that connection logs are kept only for a short period, but that is a vendor policy, not a guarantee, and "100% secure" is not a claim any proxy can make.
4) proXPN: This is freeware VPN software. It uses a 2048-bit RSA key to set up the tunnel, which is strong enough that the tunnel itself will not be broken, and your data is protected from anyone between you and the VPN server. It is not protection against the VPN provider, and it does not hide you if you log into accounts that identify you. Tor Browser is the option that does not require trusting a single operator, because traffic is relayed through three independent nodes; it is the slowest, and the exit node can still read unencrypted (non-HTTPS) traffic.
Warning: This tutorial is for educational purposes only. Do not scan any online banking website, CBI, CIA, Indian government website or any other sensitive website, or any system you do not own or have written permission to test. We are not responsible for any misuse.
Credit to Rahul Tyagi