
CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [15]

is gathered using nonintrusive methods. For example, the organization's own web page may provide a personnel directory or a list of employee bios, which may prove useful if the hacker needs to use a social engineering attack to reach the objective.

A hacker may also do a Google search or a Yahoo! People search to locate information about employees.

The Google search engine can be used in creative ways to perform information gathering. The use of the Google search engine to retrieve information has been termed Google hacking. http://groups.google.com can be used to search the Google newsgroups. The following search operators can be used to have the Google search engine perform Google hacking:

■ site: searches a specific website or domain. The website to search must be supplied after the colon.

■ filetype: searches only within the text of a particular type of file. The file type to search must be supplied after the colon. Don't include a period before the file extension.

■ link: searches within hyperlinks for a search term and identifies linked pages.

■ cache: identifies the version of a web page. The URL of the site must be supplied after the colon.

■ intitle: searches for a term within the title of a document.

■ inurl: searches only within the URL (web address) of a document. The search term must follow the colon.

For example, a hacker could use the search INURL:["parameter="] with FILETYPE:[ext] and INURL:[scriptname] to locate certain types of vulnerable web applications.

Or a hacker could use the search string intitle:"BorderManager information alert" to look for Novell BorderManager Proxy/Firewall servers.
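To make the operator syntax concrete, the following is an added Python example, not code from the review guide. It parses a Google query string into operator/value pairs (keeping quoted phrases together), flags the two mistakes the text warns about (nothing after the colon, a leading period in filetype:), and builds the queries an administrator would run against their own domain to see which document types the search engine has indexed. The six operator names are the ones listed above; the example.com domain and the sample queries are constructed for illustration.

```python
"""Parse and sanity-check Google advanced-search operator strings.

Added example; assumes only the six operators the guide lists. Sample
inputs are constructed and refer to example.com, not to any real target.
"""
import shlex

# Operators described in the text and the rule that each value follows the colon.
KNOWN_OPERATORS = {"site", "filetype", "link", "cache", "intitle", "inurl"}


def parse_query(query):
    """Split a query into (operators, terms).

    operators is a list of (name, value) pairs in the order written; terms is
    the list of plain search words. shlex keeps quoted phrases together, so
    intitle:"BorderManager information alert" yields a single operator value.
    """
    operators, terms = [], []
    for token in shlex.split(query):
        name, colon, value = token.partition(":")
        # An operator is an alphabetic word directly before the colon; a URL such
        # as http://... also has a colon but is treated as a plain term.
        if colon and name.isalpha() and not value.startswith("//"):
            operators.append((name.lower(), value))
        else:
            terms.append(token)
    return operators, terms


def check_query(query):
    """Return a list of problems found; an empty list means the query is well formed."""
    problems = []
    operators, _ = parse_query(query)
    for name, value in operators:
        if name not in KNOWN_OPERATORS:
            problems.append(f"unknown operator '{name}:'")
        elif not value:
            # e.g. "INURL: parameter=" with a space after the colon
            problems.append(f"'{name}:' has nothing after the colon")
        elif name == "filetype" and value.startswith("."):
            problems.append("filetype: value must not begin with a period")
    return problems


def self_audit_queries(domain, extensions):
    """Queries an administrator can run to review which documents of the given
    types are indexed on their own domain (constructed defensive use).

    Extensions may be given with or without a leading period; the period is
    stripped because filetype: must not include it.
    """
    queries = []
    for ext in extensions:
        query = f"site:{domain} filetype:{ext.lstrip('.')}"
        if check_query(query):
            raise ValueError(f"malformed audit query: {query}")
        queries.append(query)
    return queries


if __name__ == "__main__":
    sample = 'intitle:"BorderManager information alert" site:example.com'
    print(parse_query(sample))
    print(check_query("site:example.com filetype:.pdf"))
    print(self_audit_queries("example.com", ["pdf", ".xls"]))
```

The self-audit queries are the defensive counterpart of the searches the text describes: running them for your own domain shows what an outsider would find before they look.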

Blogs, newsgroups, and press releases are also good places to find information about the company or employees. Corporate job postings can provide information as to the type of servers or infrastructure devices a company may be using on its network.

Other information obtained may include identification of the Internet technologies being used, the operating system and hardware being used, active IP addresses, e-mail addresses and phone numbers, and corporate policies and procedures.

Describe the Information Gathering Methodology

Information gathering can be broken into seven logical steps (see Figure 2.1). The footprinting process is performed during the first two steps of unearthing initial information and locating the network range.

Generally, a hacker spends 90 percent of the time profiling and gathering information on a target and 10 percent of the time launching the attack.

The other information-gathering steps are covered in Chapter 3, "Scanning and Enumeration."

Some of the common sources used for information gathering include the following:

■ Domain name lookup

■ Whois

■ Nslookup

■ Sam Spade

FIGURE 2.1 Seven steps of information gathering

Before we discuss these tools, keep in mind that open source information can also yield a wealth of information about a target, such as phone numbers and addresses. Performing Whois requests, searching Domain Name System (DNS) tables, and scanning IP addresses for open ports are other forms of open source footprinting. Most of this information is fairly easy to get and legal to obtain.

The details of how the DNS operates and the specifics of interpreting DNS records are outside the scope of this book and won't be discussed in detail. Only the most important details as related specifically to information gathering are covered in this book. It's recommended that all CEH candidates have a thorough understanding of DNS and how name resolution works on the Internet.

Hacking Tool

Sam Spade (http://www.samspade.org) is a website that contains a collection of tools such as Whois, nslookup, and traceroute. Because they are located on a website, these tools work for any operating system and are a single location for providing information about a target organization.
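The Whois records mentioned above are plain text, so reviewing what your own registration publishes is a small parsing job. The following is an added Python example, not code from the review guide or from Sam Spade: it parses a Whois response into fields (collecting repeated keys such as Name Server), then lists the contact fields that expose a person's name, e-mail address or phone number, which is exactly the material the text says a social engineer looks for. The record below is constructed; its field layout follows the common "Key: Value" style, but real registrars vary in their formatting.

```python
"""Parse a Whois record and list the contact details it exposes.

Added example with a constructed record; the Name/Email/Phone fields are
illustrative, and real Whois output differs between registrars.
"""
import re
from collections import defaultdict

# Constructed sample record for example.com (contact details invented).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 1995-08-14T04:00:00Z
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
Registrant Organization: Example Org
Registrant Email: hostmaster@example.com
Admin Name: Jane Doe
Admin Phone: +1.5555550100
Admin Email: jane.doe@example.com
Tech Email: REDACTED FOR PRIVACY
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""

# Contact fields that identify a person; "Domain Name" is deliberately excluded.
CONTACT_FIELD = re.compile(r"^(Registrant|Admin|Tech|Billing) (Name|Email|Phone)$")
REDACTED = re.compile(r"redacted|privacy|not disclosed", re.IGNORECASE)


def parse_whois(text):
    """Return {field: [values]} for every 'Key: Value' line, keeping repeats in order.

    Lines without a colon (banners, footers) are ignored.
    """
    record = defaultdict(list)
    for line in text.splitlines():
        key, colon, value = line.partition(":")
        if not colon or not key.strip():
            continue
        record[key.strip()].append(value.strip())
    return dict(record)


def contact_exposure(record):
    """List (field, value) pairs that publish a real name, e-mail or phone number.

    Fields whose value says it is redacted are not reported.
    """
    exposed = []
    for field, values in record.items():
        if not CONTACT_FIELD.match(field):
            continue
        for value in values:
            if value and not REDACTED.search(value):
                exposed.append((field, value))
    return exposed


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    print("name servers:", rec["Name Server"])
    for field, value in contact_exposure(rec):
        print(f"exposed {field}: {value}")
```

Running this against your organisation's own record is a quick check of whether the registrar's privacy option is actually in effect for every contact role.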

Describe Competitive Intelligence

Competitive intelligence means information gathering about competitors' products, marketing, and technologies. Most competitive
