Footprinting

Tools used for footprinting

September 15, 2016 Footprinting

We will look at some useful tools available for the footprinting process. Each tool is unique and works best at a different stage of footprinting.

Footprinting using Google hacking

September 15, 2016 Footprinting

Google can provide plenty of useful information during the footprinting process. Google hacking has been around for a long time, although it is not widely known to the public. The process is simple but effective: we use fine-tuned search operators to get precise information.
Using Google hacking we can get information on

Finding IP address of website and getting frame size

September 13, 2016 Footprinting

Let's take a look at how to obtain information about a website's IP address by using ping and traceroute.

Let's ping the website, xxx.com in our example. Take note of the packet loss as well as the round-trip time. As you can see in the case below, we sent 10 packets with 0% loss in a total time of 9005 ms.

ping xxx.com
PING xxx.com (38.99.188.5) 56(84) bytes of data.
64 bytes from 38.99.188.5: icmp_seq=1 ttl=55 time=30.2 ms
64 bytes from 38.99.188.5: icmp_seq=2 ttl=55 time=28.8 ms
64 bytes from 38.99.188.5: icmp_seq=3 ttl=55 time=28.4 ms
64 bytes from 38.99.188.5: icmp_seq=4 ttl=55 time=28.9 ms
64 bytes from 38.99.188.5: icmp_seq=5 ttl=55 time=29.2 ms
64 bytes from 38.99.188.5: icmp_seq=6 ttl=55 time=29.5 ms
64 bytes from 38.99.188.5: icmp_seq=7 ttl=55 time=30.1 ms
64 bytes from 38.99.188.5: icmp_seq=8 ttl=55 time=32.3 ms
64 bytes from 38.99.188.5: icmp_seq=9 ttl=55 time=41.7 ms
64 bytes from 38.99.188.5: icmp_seq=10 ttl=55 time=31.4 ms
^C
--- travelpress.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9005ms
rtt min/avg/max/mdev = 28.420/31.105/41.787/3.750 ms

Now let's determine the frame size by pinging the website with the flag that forbids fragmentation (-M do) and a chosen payload size (-s). Examine the output below.

$ ping xxx.com -M do -s 1400
PING 192.168.0.1 (192.168.0.1) 1400(1428) bytes of data.
1408 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=8.08 ms
1408 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.85 ms
^C
--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.856/4.968/8.081/3.113 ms
$ ping 192.168.0.1 -M do -s 1500
PING 192.168.0.1 (192.168.0.1) 1500(1528) bytes of data.
ping: local error: Message too long, mtu=1500
ping: local error: Message too long, mtu=1500
ping: local error: Message too long, mtu=1500
ping: local error: Message too long, mtu=1500
^C
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3023ms

From this output you can determine that the largest unfragmented payload is below 1500 bytes: a 1400-byte payload (1428 bytes on the wire, once the 20-byte IP and 8-byte ICMP headers are added) goes through, while a 1500-byte payload would produce a 1528-byte packet, which is rejected locally with "Message too long, mtu=1500".
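The manual probing above can be automated. The script below is an added example, not code from the original post: it binary-searches the largest payload that passes with the don't-fragment flag, assuming Linux iputils ping options (-c, -W, -M do, -s) and using a constructed offline probe (MTU 1500) by default so it runs without network access.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): binary-search the largest ICMP
# payload that crosses the path without fragmentation, using "ping -M do -s".
# Linux iputils ping syntax is assumed; hosts used here are constructed.
set -u

# Real probe: succeeds if one unfragmented ping with a $2-byte payload to $1 is answered.
ping_probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Simulated probe for offline runs: models a path with MTU 1500, where
# payload + 8 (ICMP header) + 20 (IPv4 header) must be <= 1500, i.e. max payload 1472.
simulated_probe() {
    [ "$2" -le 1472 ]
}

# Extract the MTU from a line like "ping: local error: Message too long, mtu=1500" on stdin.
parse_mtu_error() {
    sed -n 's/.*mtu=\([0-9]*\).*/\1/p' | head -n 1
}

# Largest ICMP payload that fits in a given MTU (20-byte IPv4 header + 8-byte ICMP header).
max_payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# pmtu_search HOST LO HI PROBE -> prints the largest payload in [LO, HI] for which PROBE
# succeeds; binary search needs about log2(HI-LO) probes instead of one per candidate size.
pmtu_search() {
    local host=$1 lo=$2 hi=$3 probe=$4 best=0 mid
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$host" "$mid"; then
            best=$mid; lo=$(( mid + 1 ))      # fits: look for something larger
        else
            hi=$(( mid - 1 ))                 # too big: look smaller
        fi
    done
    echo "$best"
}

# Usage: PROBE=ping_probe ./pmtu.sh xxx.com   (without PROBE the offline simulation is used)
if [ $# -gt 0 ]; then
    payload=$(pmtu_search "$1" 500 1500 "${PROBE:-simulated_probe}")
    echo "largest unfragmented payload: $payload bytes (path MTU $(( payload + 28 )))"
fi
```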

Now let's use the Linux traceroute command to see routing and IP information along the path. Let's look up google.com.

traceroute google.com
traceroute to google.com (172.217.4.238), 30 hops max, 60 byte packets
 1  192.168.0.1 (192.168.0.1)  0.949 ms  1.381 ms  1.824 ms
 2  216.172.40.65 (216.172.40.65)  7.546 ms  7.553 ms  7.548 ms
 3  * * *
 4  67.231.221.165 (67.231.221.165)  18.883 ms  19.836 ms  20.081 ms
 5  69.63.248.233 (69.63.248.233)  21.980 ms  22.883 ms  23.131 ms
 6  van58-9-230-14.dynamic.rogerstelecom.net (209.148.230.14)  55.029 ms  35.431 ms  24.076 ms
 7  72.14.222.87 (72.14.222.87)  12.470 ms  14.949 ms  15.901 ms
 8  216.239.47.114 (216.239.47.114)  18.281 ms 209.85.255.232 (209.85.255.232)  16.993 ms  17.940 ms
 9  216.239.46.160 (216.239.46.160)  32.307 ms 72.14.235.34 (72.14.235.34)  31.327 ms 216.239.46.162 (216.239.46.162)  31.648 ms
10  209.85.241.50 (209.85.241.50)  117.217 ms 209.85.241.46 (209.85.241.46)  22.746 ms 72.14.237.131 (72.14.237.131)  26.046 ms
11  216.239.41.117 (216.239.41.117)  24.726 ms 209.85.254.115 (209.85.254.115)  23.318 ms  21.277 ms
12  108.170.233.85 (108.170.233.85)  24.663 ms  27.276 ms 108.170.233.87 (108.170.233.87)  25.051 ms
13  ord30s31-in-f238.1e100.net (172.217.4.238)  25.995 ms  22.507 ms  21.228 ms

The result shows the path that traffic takes to the destination, hop by hop. In some cases you will not be able to see all hops: a line such as hop 3's "* * *" means that router did not answer, typically because a firewall filters the probes or the ICMP replies.