CEH Lab Manual

Footprinting and Reconnaissance
Module 02
Module 02 - Footprinting and Reconnaissance

Footprinting a Target Network
Footprinting refers to uncovering and collecting as much information as possible regarding a target network.

Lab Scenario
Penetration testing is much more than just running exploits against vulnerable systems like we learned about in the previous module. In fact, a penetration test begins before penetration testers have even made contact with the victim's systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to a victim system, or at the very least make the victim un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the victim network with no preparation.

Lab Objectives
The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
■ IP address range associated with the target
■ Purpose of organization and why does it exist
■ How big is the organization? What class is its assigned IP Block?
■ Does the organization freely provide information on the type of operating systems employed and network topology in use?
■ Type of firewall implemented, either hardware or software or combination of both
■ Does the organization allow wireless devices to connect to wired networks?
■ Type of remote access used, either SSH or VPN
■ Is help sought on IT positions that give information on network services provided by the organization?
■ Identify organization's users who can disclose their personal information that can be used for social engineering and assume such possible usernames

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance
Lab Environment
This lab requires:
■ Windows Server 2012 as host machine
■ A web browser with an Internet connection
■ Administrative privileges to run tools

Lab Duration
Time: 50 Minutes

Overview of Footprinting
Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy.

After pre-engagement activities, penetration testers begin gathering information about their targets. Often all the information learned from a client is the list of IP addresses and/or web domains that are in scope. Penetration testers then learn as much about the client and their systems as possible, from searching for employees on social networking sites to scanning the perimeter for live systems and open ports. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. This is similar to what an attacker would do or what an invading army would do when trying to breach the perimeter.

Then penetration testers move into vulnerability analysis, the first phase where they are actively engaging the target. Some might say some port scanning does complete connections. However, as cybercrime rates rise, large companies, government organizations, and other popular sites are scanned quite frequently. During vulnerability analysis, a penetration tester begins actively probing the victim systems for vulnerabilities and additional information. Only once a penetration tester has a full view of the target does exploitation begin. This is where all of the information that has been meticulously gathered comes into play, allowing you to be nearly 100% sure that an exploit will succeed.

Once a system has been successfully compromised, the penetration test is over, right? Actually, that's not right at all. Post exploitation is arguably the most important part of a penetration test. Once you have breached the perimeter there is a whole new set of information to gather. You may have access to additional systems that are not available from the perimeter. The penetration test would be useless to a client without reporting. You should take good notes during the other phases, because during reporting you have to tie everything you found together in a way everyone from the IT department who will be remediating the vulnerabilities to the business executives who will be approving the budget can understand.
Lab Tasks
TASK 1: Overview
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.

Recommended labs to assist you in footprinting:
■ Basic Network Troubleshooting Using the ping utility and nslookup Tool
■ People Search Using Anywho and Spokeo Online Tool
■ Analyzing Domain and IP Address Queries Using SmartWhois
■ Network Route Trace Using Path Analyzer Pro
■ Tracing Emails Using eMailTrackerPro Tool
■ Collecting Information About a target's Website Using Firebug
■ Mirroring Website Using HTTrack Web Site Copier Tool
■ Extracting Company's Data Using Web Data Extractor
■ Identifying Vulnerabilities and Information Disclosures in Search Engines using Search Diggity

Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure through public and free information.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.


Lab 1

Footprinting a Target Network Using the Ping Utility
Ping is a computer network administration utility used to test the reachability of a host on an Internet protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.

Icon key: Valuable information; Test your knowledge; Web exercise; Workbook review

Lab Scenario
As a professional penetration tester, you will need to check for the reachability of a computer in a network. Ping is one of the utilities that will allow you to gather important information like IP address, maximum Packet Frame size, etc. about the network computer to aid in a successful penetration test.

Lab Objectives
This lab provides insight into the ping command and shows how to gather information using the ping command. The lab teaches how to:
■ Use ping
■ Emulate the tracert (traceroute) command with ping
■ Find maximum frame size for the network
■ Identify ICMP type and code for echo request and echo reply packets

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
To carry out this lab you need:
■ Administrative privileges to run tools
■ TCP/IP settings correctly configured and an accessible DNS server
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 10 Minutes

Overview of Ping
The ping command sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP response. During this request-response process, ping measures the time from transmission to reception, known as the round-trip time, and records any loss of packets.

Note: PING stands for Packet Internet Groper.
Note: Ping command syntax: ping [-q] [-v] [-R] [-c Count] [-i Wait] [-s PacketSize] Host.

Lab Tasks
Locate IP Address

1. Find the IP address for http://www.certifiedhacker.com
2. To launch Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 1.1: Windows Server 2012 - Desktop view

3. Click Command Prompt app to open the command prompt window

FIGURE 1.2: Windows Server 2012 - Apps

4. Type ping www.certifiedhacker.com in the command prompt, and press Enter to find out its IP address
5. The displayed response should be similar to the one shown in the following screenshot

Note: For the command, ping -c count, specify the number of echo requests to send.

Note: The ping command, "ping -i wait," means wait time, that is the number of seconds to wait between each ping.

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.
    Reply from 202.75.54.101: bytes=32 time=267ms TTL=113
    Reply from 202.75.54.101: bytes=32 time=288ms TTL=113
    Reply from 202.75.54.101: bytes=32 time=525ms TTL=113

    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 267ms, Maximum = 525ms, Average = 360ms

    C:\>

FIGURE 1.3: The ping command to extract the IP address for www.certifiedhacker.com

6. You receive the IP address of www.certifiedhacker.com that is 202.75.54.101
7. You also get information on Ping Statistics, such as packets sent, packets received, packets lost, and Approximate round-trip time

Finding Maximum Frame Size

8. Now, find out the maximum frame size on the network. In the command prompt, type ping www.certifiedhacker.com -f -l 1500

Note: Request time out is displayed because either the machine is down or it implements a packet filter/firewall.

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -f -l 1500

    Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data:
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss).

FIGURE 1.4: The ping command for www.certifiedhacker.com with -f -l 1500 options

9. The display Packet needs to be fragmented but DF set means that the frame is too large to be on the network and needs to be fragmented. Since we used -f switch with the ping command, the packet was not sent, and the ping command returned this error

10. Type ping www.certifiedhacker.com -f -l 1300

Note: In the ping command, option -f means don't fragment.

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -f -l 1300

    Pinging www.certifiedhacker.com [202.75.54.101] with 1300 bytes of data:
    Reply from 202.75.54.101: bytes=1300 time=392ms TTL=114
    Reply from 202.75.54.101: bytes=1300 time=362ms TTL=114
    Reply from 202.75.54.101: bytes=1300 time=285ms TTL=114
    Reply from 202.75.54.101: bytes=1300 time=331ms TTL=114

    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 285ms, Maximum = 392ms, Average = 342ms

    C:\>

FIGURE 1.5: The ping command for www.certifiedhacker.com with -f -l 1300 options

11. You can see that the maximum packet size is less than 1500 bytes and more than 1300 bytes

Note: In the ping command, "Ping -q," means quiet output, only summary lines at startup and completion.

12. Now, try different values until you find the maximum frame size. For instance, ping www.certifiedhacker.com -f -l 1473 replies with Packet needs to be fragmented but DF set and ping www.certifiedhacker.com -f -l 1472 replies with a successful ping. It indicates that 1472 bytes is the maximum frame size on this machine network

Note: The maximum frame size will differ depending upon the network

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -f -l 1473

    Pinging www.certifiedhacker.com [202.75.54.101] with 1473 bytes of data:
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss).

FIGURE 1.6: The ping command for www.certifiedhacker.com with -f -l 1473 options

Note: The router discards packets when TTL reaches 0 (zero) value.

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -f -l 1472

    Pinging www.certifiedhacker.com [202.75.54.101] with 1472 bytes of data:
    Reply from 202.75.54.101: bytes=1472 time=359ms TTL=114
    Reply from 202.75.54.101: bytes=1472 time=320ms TTL=114
    Reply from 202.75.54.101: bytes=1472 time=282ms TTL=114
    Reply from 202.75.54.101: bytes=1472 time=317ms TTL=114

    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 282ms, Maximum = 359ms, Average = 319ms

FIGURE 1.7: The ping command for www.certifiedhacker.com with -f -l 1472 options

Note: The ping command, "Ping -R," means record route. It turns on route recording for the Echo Request packets, and displays the route buffer on returned packets (ignored by many routers).

13. Now, find out what happens when TTL (Time to Live) expires. Every frame on the network has TTL defined. If TTL reaches 0, the router discards the packet. This mechanism prevents the loss of packets
14. In the command prompt, type ping www.certifiedhacker.com -i 3. The displayed response should be similar to the one shown in the following figure, but with a different IP address

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -i 3

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 183.82.14.17: TTL expired in transit.
    Reply from 183.82.14.17: TTL expired in transit.
    Reply from 183.82.14.17: TTL expired in transit.
    Reply from 183.82.14.17: TTL expired in transit.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss).

    C:\>

FIGURE 1.8: The ping command for www.certifiedhacker.com with -i 3 options

15. Reply from 183.82.14.17: TTL expired in transit means that the router (183.82.14.17, students will have some other IP address) discarded the frame, because its TTL has expired (reached 0)
TASK 3: Emulate Tracert

16. The Emulate tracert (traceroute) command, using ping - manually, found the route from your PC to www.certifiedhacker.com
17. The results you receive are different from those in this lab. Your results may also be different from those of the person sitting next to you
18. In the command prompt, type ping www.certifiedhacker.com -i 1 -n 1. (Use -n 1 in order to produce only one answer, instead of receiving four answers on Windows or pinging forever on Linux.) The displayed response should be similar to the one shown in the following figure

Note: In the ping command, the -i option represents time to live TTL.

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -i 1 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

    C:\>

FIGURE 1.9: The ping command for www.certifiedhacker.com with -i 1 -n 1 options

19. In the command prompt, type ping www.certifiedhacker.com -i 2 -n 1. The only difference between the previous ping command and this one is -i 2. The displayed response should be similar to the one shown in the following figure

Note: In the ping command, -t means to ping the specified host until stopped.

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -i 2 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

    C:\>

FIGURE 1.10: The ping command for www.certifiedhacker.com with -i 2 -n 1 options
20. In the command prompt, type ping www.certifiedhacker.com -i 3 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure

Note: In the ping command, the -v option means verbose output, which lists individual ICMP packets, as well as echo responses.

    C:\>ping www.certifiedhacker.com -i 3 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 183.82.14.17: TTL expired in transit.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

    C:\>

FIGURE 1.11: The ping command for www.certifiedhacker.com with -i 3 -n 1 options
21. In the command prompt, type ping www.certifiedhacker.com -i 4 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure

Administrator: C:\Windows\system32\cmd.exe

    D:\>ping www.certifiedhacker.com -i 4 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 121.240.252.1: TTL expired in transit.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss).

FIGURE 1.12: The ping command for www.certifiedhacker.com with -i 4 -n 1 options
Note: In the ping command, the -l size option means to send the buffer size.

22. We have received the answer from the same IP address in two different steps. This one identifies the packet filter; some packet filters do not decrement TTL and are therefore invisible

Note: In the ping command, the -w option represents the timeout in milliseconds to wait for each reply.

23. Repeat the above step until you reach the IP address for www.certifiedhacker.com (in this case, 202.75.54.101)

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -i 10 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 120.29.216.21: TTL expired in transit.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

    C:\>

FIGURE 1.13: The ping command for www.certifiedhacker.com with -i 10 -n 1 options
24. Here the successful ping to reach www.certifiedhacker.com is 15 hops. The output will be similar to the trace route results

Note: Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host.

Administrator: C:\Windows\system32\cmd.exe

    C:\>ping www.certifiedhacker.com -i 12 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

    C:\>ping www.certifiedhacker.com -i 13 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 1.9.244.26: TTL expired in transit.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

    C:\>ping www.certifiedhacker.com -i 14 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 202.75.52.1: TTL expired in transit.

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

    C:\>ping www.certifiedhacker.com -i 15 -n 1

    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 202.75.54.101: bytes=32 time=267ms TTL=114

    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 267ms, Maximum = 267ms, Average = 267ms

FIGURE 1.14: The ping command for www.certifiedhacker.com with -i 15 -n 1 options

25. Now, make a note of all the IP addresses from which you receive the reply during the ping to emulate tracert
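
The following Python example is added here and is not part of the original lab manual. It classifies the Windows ping replies seen in this lab, searches for the largest -l value that passes with -f set (steps 10-12), and builds the hop table from the -i transcripts (steps 18-25). The -l value is the ICMP payload, so the IPv4 packet on the wire is 28 bytes larger; simulated_probe and the other function names are assumptions of this example, and LAB_TRANSCRIPTS holds reply lines copied from Figures 1.9-1.14.

```python
import re

# Reply kinds Windows ping prints in this lab, matched against one output line.
PATTERNS = [
    ("echo_reply", re.compile(r"Reply from ([\d.]+): bytes=\d+ time[=<]\d+ms TTL=\d+")),
    ("ttl_expired", re.compile(r"Reply from ([\d.]+): TTL expired in transit")),
    ("needs_frag", re.compile(r"Packet needs to be fragmented but DF set")),
    ("timeout", re.compile(r"Request timed out")),
]

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header (no options) + 8-byte ICMP header


def classify(output):
    """Return (kind, responder_ip or None) for the first recognised reply line."""
    for line in output.splitlines():
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if m:
                return kind, (m.group(1) if m.groups() else None)
    return "unknown", None


def find_max_payload(probe, lo, hi):
    """Binary-search the largest -l value that passes with -f (DF) set.

    probe(size) returns the text printed by `ping <host> -f -l <size>`.
    lo must already be known to pass and hi to fail (1300 and 1500 in the lab).
    A timeout proves nothing about size (the host or a filter may be dropping
    ICMP), so it is reported instead of being counted as "too big".
    """
    while hi - lo > 1:
        mid = (lo + hi) // 2
        kind, _ = classify(probe(mid))
        if kind == "echo_reply":
            lo = mid
        elif kind == "needs_frag":
            hi = mid
        else:
            raise ValueError(f"ambiguous result {kind!r} at size {mid}; retry the probe")
    return lo


def simulated_probe(path_mtu):
    """Constructed stand-in for running ping: fakes its output for a given MTU."""
    def probe(size):
        if size + IP_ICMP_OVERHEAD > path_mtu:
            return "Packet needs to be fragmented but DF set."
        return f"Reply from 202.75.54.101: bytes={size} time=300ms TTL=114"
    return probe


def hop_table(transcripts):
    """Build [(ttl, kind, ip)] from {ttl: output of `ping <host> -i <ttl> -n 1`},
    stopping at the first echo reply, i.e. when the target itself answers."""
    rows = []
    for ttl in sorted(transcripts):
        kind, ip = classify(transcripts[ttl])
        rows.append((ttl, kind, ip))
        if kind == "echo_reply":
            break
    return rows


def repeated_responders(rows):
    """Routers that sent 'TTL expired' for more than one TTL (the case in step 22)."""
    seen = {}
    for ttl, kind, ip in rows:
        if kind == "ttl_expired":
            seen.setdefault(ip, []).append(ttl)
    return {ip: ttls for ip, ttls in seen.items() if len(ttls) > 1}


# Reply lines copied from Figures 1.9-1.14 (only the TTLs the manual shows).
LAB_TRANSCRIPTS = {
    1: "Request timed out.",
    2: "Request timed out.",
    3: "Reply from 183.82.14.17: TTL expired in transit.",
    4: "Reply from 121.240.252.1: TTL expired in transit.",
    10: "Reply from 120.29.216.21: TTL expired in transit.",
    12: "Request timed out.",
    13: "Reply from 1.9.244.26: TTL expired in transit.",
    14: "Reply from 202.75.52.1: TTL expired in transit.",
    15: "Reply from 202.75.54.101: bytes=32 time=267ms TTL=114",
}

if __name__ == "__main__":
    payload = find_max_payload(simulated_probe(1500), 1300, 1500)
    print(f"max payload {payload} bytes -> path MTU {payload + IP_ICMP_OVERHEAD}")
    rows = hop_table(LAB_TRANSCRIPTS)
    for ttl, kind, ip in rows:
        print(f"{ttl:>2}  {kind:<12} {ip or '*'}")
    print("silent hops:", [ttl for ttl, kind, _ in rows if kind == "timeout"])
    print("repeated responders:", repeated_responders(rows))
```

To use it against real output, replace simulated_probe with a function that runs ping and returns its text; a silent hop in the table means a router that does not send ICMP Time Exceeded, not a missing router.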

Lab Analysis
Document all the IP addresses, reply request IP addresses, and their TTLs.

Tool/Utility: Ping
Information Collected/Objectives Achieved:
IP Address: 202.75.54.101
Packet Statistics:
■ Packets Sent - 4
■ Packets Received - 3
■ Packets Lost - 1
■ Approximate Round Trip Time - 360ms
Maximum Frame Size: 1472
TTL Response: 15 hops

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. How does tracert (trace route) find the route that the trace packets are (probably) using?
2. Is there any other answer ping could give us (except those few we saw before)? We saw before:
■ Request timed out
■ Packet needs to be fragmented but DF set
■ Reply from XXX.XXX.XXX.XX: TTL expired in transit
3. What ICMP type and code are used for the ICMP Echo request?
4. Why does traceroute give different results on different networks (and sometimes on the same network)?

Internet Connection Required: ☑ Yes   □ No
Platform Supported: ☑ Classroom   □ iLabs

Footprinting a Target Network
Using the nslookup Tool
nslookup is a network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain the domain name, the IP address mapping, or any other specific DNS record.

Lab Scenario
In the previous lab, we gathered information such as IP address, Ping Statistics, Maximum Frame Size, and TTL Response using the ping utility. Using the IP address found, an attacker can perform further hacks like port scanning, Netbios, etc. and can also find the country or region in which the IP is located and the domain name associated with the IP address.

In the next step of reconnaissance, you need to find the DNS records. Suppose in a network there are two domain name system (DNS) servers named A and B, hosting the same Active Directory-Integrated zone. Using the nslookup tool an attacker can obtain the IP address of the domain name, allowing him or her to find the specific IP address of the person he or she is hoping to attack. It is difficult to stop other users from querying a DNS server with the nslookup command, because this program basically simulates the way other programs do DNS name resolution. Even so, as a penetration tester you should be able to prevent such attacks by going to the zone's properties, on the Zone Transfer tab, and selecting the option not to allow zone transfers. This will prevent an attacker from using the nslookup command to get a list of your zone's records. nslookup can provide you with a wealth of DNS server diagnostic information.

Lab Objectives
The objective of this lab is to help students learn how to use the nslookup command.
This lab will teach you how to:
■ Execute the nslookup command
■ Find the IP address of a machine
■ Change the server you want the response from
■ Elicit an authoritative answer from the DNS server
■ Find name servers for a domain
■ Find Cname (Canonical Name) for a domain
■ Find mail servers for a domain
■ Identify various DNS resource records

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
To carry out the lab, you need:
■ Administrative privileges to run tools
■ TCP/IP settings correctly configured and an accessible DNS server
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
■ If the nslookup command doesn't work, restart the command window, and type nslookup for the interactive mode.

Lab Duration
Time: 5 Minutes

Overview of nslookup
nslookup means name server lookup. To execute queries, nslookup uses the operating system's local Domain Name System (DNS) resolver library. nslookup operates in interactive or non-interactive mode. When used interactively by invoking it without arguments or when the first argument is - (minus sign) and the second argument is host name or IP address, the user issues parameter configurations or requests when presented with the nslookup prompt (>). When no arguments are given, then the command queries to default server. The - (minus sign) invokes subcommands which are specified on command line and should precede nslookup commands. In non-interactive mode, i.e. when first argument is name or internet address of the host being searched, parameters and the query are specified as command line arguments in the invocation of the program. The non-interactive mode searches the information for specified host using default name server.

With nslookup you will either receive a non-authoritative or authoritative answer. You receive a non-authoritative answer because, by default, nslookup asks your name server to recurse in order to resolve your query and because your name server is not an authority for the name you are asking it about. You can get an authoritative answer by querying the authoritative name server for the domain you are interested
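
Added example, not part of the lab manual: nslookup prints "Non-authoritative answer" when the AA (authoritative answer) bit in the DNS response header is clear. The Python below builds a query the way a resolver client does, then reads the header flags and A records of two constructed responses; the function names and fake_response are assumptions of this example, and 202.75.54.101 is the address from the ping lab.

```python
import struct

QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080  # DNS header flag bits


def build_query(name, qtype=1, recurse=True, txid=0x1234):
    """Build a DNS query; recurse=False clears RD, like nslookup's `set norecurse`."""
    header = struct.pack("!HHHHHH", txid, RD if recurse else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE 1 = A, QCLASS 1 = IN


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off


def describe_response(msg):
    """Parse header flags and A records; 'label' is the line nslookup would print."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: the header is 12 bytes")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qd):                      # skip each question: name + type + class
        off = skip_name(msg, off) + 4
    addresses = []
    for _ in range(an):                      # walk the answer section
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:        # A record: four address bytes
            addresses.append(".".join(str(b) for b in rdata))
    return {
        "txid": txid,
        "authoritative": bool(flags & AA),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0x000F,
        "addresses": addresses,
        "label": "Authoritative answer" if flags & AA else "Non-authoritative answer",
    }


def fake_response(query, flags, address):
    """Constructed reply: echoes the question and appends one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # pointer to the QNAME
    return header + query[12:] + answer + bytes(int(p) for p in address.split("."))


if __name__ == "__main__":
    q = build_query("www.certifiedhacker.com")
    for who, flags in (("recursive resolver", QR | RD | RA), ("zone's own server", QR | AA | RD)):
        info = describe_response(fake_response(q, flags, "202.75.54.101"))
        print(f"{who}: {info['label']} {info['addresses']}")
```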

Lab Tasks
TASK 1: Extract Information

1. Launch Start menu by hovering the mouse cursor in the lower-left corner of the desktop

FIGURE 2.1: Windows Server 2012 - Desktop view

2. Click the Command Prompt app to open the command prompt window

FIGURE 2.2: Windows Server 2012 - Apps

3. In the command prompt, type nslookup, and press Enter
4. Now, type help and press Enter. The displayed response should be similar to the one shown in the following figure

Note: The general command syntax is nslookup [-option] [name | -] [server].

Note: Typing "help" or "?" at the command prompt generates a list of available commands.

Administrator: C:\Windows\system32\cmd.exe - nslookup

    C:\>nslookup
    Default Server:  nsl.beamnet.in
    Address:  202.53.8.8

    > help
    Commands:   (identifiers are shown in uppercase, [] means optional)
    NAME            - print info about the host/domain NAME using default server
    NAME1 NAME2     - as above, but use NAME2 as server
    help or ?       - print info on common commands
    set OPTION      - set an option
        all                 - print options, current server and host
        [no]debug           - print debugging information
        [no]d2              - print exhaustive debugging information
        [no]defname         - append domain name to each query
        [no]recurse         - ask for recursive answer to query
        [no]search          - use domain search list
        [no]vc              - always use a virtual circuit
        domain=NAME         - set default domain name to NAME
        srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
        root=NAME           - set root server to NAME
        retry=X             - set number of retries to X
        timeout=X           - set initial time-out interval to X seconds
        type=X              - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,
                              SOA,SRV)
        querytype=X         - same as type
        class=X             - set query class (ex. IN (Internet), ANY)
        [no]msxfr           - use MS fast zone transfer
        ixfrver=X           - current version to use in IXFR transfer request
    server NAME     - set default server to NAME, using current default server
    lserver NAME    - set default server to NAME, using initial server
    root            - set current default server to the root
    ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
        -a          -  list canonical names and aliases
        -d          -  list all records
        -t TYPE     -  list records of the given RFC record type (ex. A,CNAME,MX,NS,
                       PTR etc.)
    view FILE       - sort an 'ls' output file and view it with pg
    exit            - exit the program
    >

FIGURE 2.3: The nslookup command with help option

5. In the nslookup interactive mode, type "set type=a" and press Enter

6. Now, type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure

Note: The DNS server Address (202.53.8.8) will be different from the one shown in the screenshot

FIGURE 2.4: In nslookup command, set type=a option

Use Elicit Authoritative

7. You get Authoritative or Non-authoritative answer. The answer varies, but in this lab, it is Non-authoritative answer

8. In nslookup interactive mode, type set type=cname and press Enter

9. Now, type certifiedhacker.com and press Enter

Note: The DNS server address (8.8.8.8) will be different than the one in screenshot

10. The displayed response should be similar to the one shown as follows:
    Administrator: C:\Windows\system32\cmd.exe - nslookup

    C:\>nslookup
    Default Server:  google-public-dns-a.google.com
    Address:  8.8.8.8

    > set type=cname
    > certifiedhacker.com
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8

    certifiedhacker.com
            primary name server = ns0.noyearlyfees.com
            responsible mail addr = admin.noyearlyfees.com
            serial  = 35
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)
    >

FIGURE 2.5: In nslookup command, set type=cname option

TASK 3: Find Cname

11. In nslookup interactive mode, type server 64.147.99.90 (or any other IP address you receive in the previous step) and press Enter.

12. Now, type set type=a and press Enter.

13. Type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.

In nslookup command, root option means to set the current default server to the root.

FIGURE 2.6: In nslookup command, set type=a option

14. If you receive a request timed out message, as shown in the previous figure, then your firewall is preventing you from sending DNS queries outside your LAN.

15. In nslookup interactive mode, type set type=mx and press Enter.

16. Now, type certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.

To make query type of NS a default option for your nslookup commands, place one of the following statements in the user_id.NSLOOKUP.ENV data set: set querytype=ns or querytype=ns.

FIGURE 2.7: In nslookup command, set type=mx option
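The responses produced in steps 5 to 16 are easy to misread when they are written up: the Server/Address header names the resolver that was asked, an SOA block returned for another query type means the name holds no record of that type, and a time-out carries no answer at all. The following Python parser is an added example, not part of the lab manual; it classifies each query in a saved nslookup session, using a constructed transcript, and `parse_transcript` and its record fields are hypothetical names.

```python
import re

# Constructed transcript in the layout Windows nslookup prints interactively.
# Names and addresses are those quoted in the lab text; the MX preference and
# the time-out lines are sample values, not output captured from the lab.
TRANSCRIPT = """\
> set type=a
> www.certifiedhacker.com
Server:  nsl.beamnet.in
Address:  202.53.8.8

Non-authoritative answer:
Name:    www.certifiedhacker.com
Address:  202.75.54.101
> set type=cname
> certifiedhacker.com
Server:  nsl.beamnet.in
Address:  202.53.8.8

certifiedhacker.com
        primary name server = ns0.noyearlyfees.com
> set type=mx
> certifiedhacker.com
Server:  nsl.beamnet.in
Address:  202.53.8.8

Non-authoritative answer:
certifiedhacker.com     MX preference = 0, mail exchanger = mail.certifiedhacker.com
> server 64.147.99.90
> set type=a
> www.certifiedhacker.com
Server:  [64.147.99.90]
Address:  64.147.99.90

DNS request timed out.
*** Request to [64.147.99.90] timed-out
"""

COMMAND_WORDS = {"set", "server", "lserver", "root", "help", "?", "ls", "view", "exit"}
ANSWER_PATTERNS = [
    ("A", re.compile(r"^Address(?:es)?:\s*(\S+)")),
    ("MX", re.compile(r"mail exchanger = (\S+)")),
    ("CNAME", re.compile(r"canonical name = (\S+)")),
]
SOA_PATTERN = re.compile(r"primary name server = (\S+)")


def parse_transcript(text):
    """Return one record per name query in an nslookup interactive transcript."""
    records, qtype, cur = [], "A", None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith(">"):                      # a line the user typed
            cmd, cur = raw[1:].strip(), None
            m = re.match(r"set\s+(?:type|querytype|q)=(\S+)", cmd, re.I)
            if m:
                qtype = m.group(1).upper()
            elif cmd and cmd.split()[0].lower() not in COMMAND_WORDS:
                cur = {"query": cmd, "type": qtype, "resolver": None, "status": "unknown",
                       "authoritative": True, "answers": [], "soa": None, "in_header": True}
                records.append(cur)
            continue
        if cur is None:
            continue
        if cur["in_header"]:                         # Server:/Address: name the resolver
            if not line:
                cur["in_header"] = False
            elif line.startswith("Address:"):
                cur["resolver"] = line.split(":", 1)[1].strip()
            continue
        soa = SOA_PATTERN.search(line)
        if "timed out" in line.lower() or "timed-out" in line.lower():
            cur["status"] = "timeout"
        elif line.lower().startswith("non-authoritative answer"):
            cur["authoritative"] = False
        elif soa and cur["type"] != "SOA":
            cur["soa"] = soa.group(1)                # SOA for another type: negative reply
        elif soa:
            cur["answers"].append(("SOA", soa.group(1)))
        else:
            for rtype, pattern in ANSWER_PATTERNS:
                m = pattern.search(line)
                if m:
                    cur["answers"].append((rtype, m.group(1)))
    for rec in records:
        del rec["in_header"]
        if rec["answers"]:
            rec["status"] = "answer"
        else:
            rec["authoritative"] = None              # flag is only kept beside answers
            if rec["status"] != "timeout":
                rec["status"] = "nodata" if rec["soa"] else "unknown"
    return records


if __name__ == "__main__":
    for record in parse_transcript(TRANSCRIPT):
        print(record)
```
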

Lab Analysis
Document all the IP addresses, DNS server names, and other DNS information.

Tool/Utility: nslookup
Information Collected/Objectives Achieved:
DNS Server Name: 202.53.8.8
Non-Authoritative Answer: 202.75.54.101
CNAME (Canonical Name of an alias)
■ Alias: cert1fiedhacker.com
■ Canonical name: google-public-dns-a.google.com
MX (Mail Exchanger): mail.certifiedhacker.com

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Analyze and determine each of the following DNS resource records:
■ SOA
■ NS
■ A
■ PTR
■ CNAME
■ MX
■ SRV

2. Evaluate the difference between an authoritative and non-authoritative answer.

3. Determine when you will receive request time out in nslookup.

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs

People Search Using the AnyWho Online Tool
AnyWho is an online white pages people search directory for quickly looking up individual phone numbers.

Lab Scenario
You have already learned that the first stage in penetration testing is to gather as much information as possible. In the previous lab, you were able to find information related to DNS records using the nslookup tool. If an attacker discovers a flaw in a DNS server, he or she will exploit the flaw to perform a cache poisoning attack, making the server cache the incorrect entries locally and serve them to other users that make the same request. As a penetration tester, you must always be cautious and take preventive measures against attacks targeted at a name server by securely configuring name servers to reduce the attacker's ability to corrupt a zone file with the amplification record.

To begin a penetration test it is also important to gather information about a user location to intrude into the user's organization successfully. In this particular lab, we will learn how to locate a client or user location using the AnyWho online tool.

Lab Objectives
The objective of this lab is to demonstrate the footprinting technique to collect confidential information on an organization, such as their key personnel and their contact details, using people search services. Students need to perform people search and phone number lookup using http://www.anywho.com.

Tools demonstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance

Lab Environment
In the lab, you need:
■ A web browser with an Internet connection
■ Administrative privileges to run tools
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 5 Minutes

Overview of AnyWho
AnyWho is a part of the ATTi family of brands, which mostly focuses on local searches for products and services. The site lists information from the White Pages (Find a Person/Reverse Lookup) and the Yellow Pages (Find a Business).

Lab Tasks
1. Launch Start menu by hovering the mouse cursor on the lower-left corner of the desktop

AnyWho allows you to search for local businesses by name to quickly find their Yellow Pages listings with basic details and maps, plus any additional time and money-saving features, such as coupons, video profiles or online reservations.

FIGURE 3.1: Windows Server 2012 - Desktop view

2. Click the Google Chrome app to launch the Chrome browser or launch any other browser

FIGURE 3.2: Windows Server 2012 - Apps

TASK 1: People Search with AnyWho

3. In the browser, type http://www.anywho.com, and press Enter on the keyboard

AnyWho is part of the ATTi family of brands, which focuses on local search products and services.

FIGURE 3.3: AnyWho - Home Page http://www.anywho.com

4. Input the name of the person you want to search for in the Find a Person section and click Find

Include both the first and last name when searching the AnyWho White Pages.

FIGURE 3.4: AnyWho - Name Search

5. AnyWho redirects you to search results with the name you have entered. The number of results might vary

Yellow Pages listings (searches by category or name) are obtained from YP.COM and are updated on a regular basis.

FIGURE 3.5: AnyWho People Search Results

TASK 2: Viewing Person Information

6. Click the search results to see the address details and phone number of that person

The search results display address, phone number and directions for the location.

FIGURE 3.6: AnyWho - Detail Search Result of Rose A Christian

7. Similarly, perform a reverse search by giving phone number or address in the Reverse Lookup field

The Reverse Phone Lookup service allows visitors to enter in a phone number and immediately lookup who it is registered to.

FIGURE 3.7: AnyWho Reverse Lookup Page

Reverse lookup will redirect you to the search result page with the detailed information of the person for particular phone number or email address

Unpublished directory records are not displayed. If you want your residential listing removed, you have a couple of options:
To have your listing unpublished, contact your local telephone company.
To have your listing removed from AnyWho without obtaining an unpublished telephone number, follow the instructions provided in AnyWho Listing Removal to submit your listing for removal.

FIGURE 3.8: AnyWho - Reverse Lookup Search Result

Lab Analysis
Analyze and document all the results discovered in the lab exercise.

Tool/Utility: AnyWho
Information Collected/Objectives Achieved:
White Pages (Find people by name): Exact location of a person with address and phone number
Get Directions: Precise route to the address found for a person
Reverse Lookup (Find people by phone number): Exact location of a person with complete address

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Can you collect all the contact details of the key people of any organization?

2. Can you remove your residential listing? If yes, how?

3. If you have an unpublished listing, why does your information show up in AnyWho?

4. Can you find a person in AnyWho that you know has been at the same location for a year or less? If yes, how?

5. How can a listing be removed from AnyWho?

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs

People Search Using the Spokeo Online Tool
Spokeo is an online people search tool providing real-time information about people. This tool helps with online footprinting and allows you to discover details about people.

Lab Scenario
For a penetration tester, it is always advisable to collect all possible information about a client before beginning the test. In the previous lab, we learned about collecting people information using the AnyWho online tool; similarly, there are many tools available that can be used to gather information on people, employees, and organizations to conduct a penetration test. In this lab, you will learn to use the Spokeo online tool to collect confidential information of key persons in an organization.

Lab Objectives
The objective of this lab is to demonstrate the footprinting techniques to collect people information using people search services. Students need to perform a people search using http://www.spokeo.com.

Lab Environment
Tools demonstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance

In the lab, you need:
■ A web browser with an Internet connection
■ Administrative privileges to run tools
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 5 Minutes

Overview of Spokeo
Spokeo aggregates vast quantities of public data and organizes the information into easy-to-follow profiles. Information such as name, email address, phone number, address, and user name can be easily found using this tool.

Lab Tasks

TASK 1: People Search Spokeo

1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop

FIGURE 4.1: Windows Server 2012 - Desktop view

2. Click the Google Chrome app to launch the Chrome browser

Spokeo's people search allows you to find old friends, reunite with classmates, teammates and military buddies, or find lost and distant family.

FIGURE 4.2: Windows Server 2012 - Apps

3. Open a web browser, type http://www.spokeo.com, and press Enter on the keyboard

Apart from Name search, Spokeo supports four types of searches:
• Email Address
• Phone Number
• Username
• Residential Address

FIGURE 4.3: Spokeo home page http://www.spokeo.com

4. To begin the search, input the name of the person you want to search for in the Name field and click Search

FIGURE 4.4: Spokeo - Name Search

5. Spokeo redirects you to search results with the name you have entered

Spokeo's email search scans through 90+ social networks and public sources to find the owner's name, photos, and public profiles.

FIGURE 4.5: Spokeo People Search Results

FIGURE 4.6: Spokeo People Search Results

Public profiles from social networks are aggregated in Spokeo and many places, including search engines.

FIGURE 4.7: Spokeo People Search Results

8. Search results displaying the Address, Phone Number, Email Address, City and State, etc.

FIGURE 4.8: Spokeo People Search Results

9. Search results displaying the Location History

All results will be displayed once the search is completed

FIGURE 4.9: Spokeo People Search Results

10. Spokeo search results display the Family Background, Family Economic Health and Family Lifestyle

FIGURE 4.10: Spokeo People Search Results

Online maps and street view are used by over 300,000 websites, including most online phone books and real estate websites.

11. Spokeo search results display the Neighborhood for the search done

FIGURE 4.11: Spokeo People Search Results

12. Similarly, perform a Reverse search by giving phone number, address, email address, etc. in the Search field to find details of a key person or an organization

Spokeo's reverse phone lookup functions like a personal caller-ID system. Spokeo's reverse phone number search aggregates hundreds of millions of phone book records to help locate the owner's name, location, time zone, email and other public information.

FIGURE 4.12: Spokeo Reverse Search Result of Microsoft Redmond Office

Lab Analysis
Analyze and document all the results discovered in the lab exercise.

Tool/Utility: Spokeo
Information Collected/Objectives Achieved:
Profile Details:
■ Current Address
■ Phone Number
■ Email Address
■ Marital Status
■ Education
■ Occupation
Location History: Information about where the person has lived and detailed property information
Family Background: Information about household members for the person you searched
Photos & Social Profiles: Photos, videos, and social network profiles
Neighborhood: Information about the neighborhood
Reverse Lookup: Detailed information for the search done using phone numbers

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. How do you collect all the contact details of key people using Spokeo?

2. Is it possible to remove your residential listing? If yes, how?

3. How can you perform a reverse search using Spokeo?

4. List the kind of information that a reverse phone search and email search will yield.

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs

Analyzing Domain and IP Address
Queries Using SmartWhois
SmartWhois is a network information utility that allows you to look up most available information on a hostname, IP address, or domain.

Lab Scenario
In the previous lab, you learned to determine a person or an organization's location using the Spokeo online tool. Once a penetration tester has obtained the user's location, he or she can gather personal details and confidential information from the user by posing as a neighbor, the cable guy, or through any means of social engineering. In this lab, you will learn to use the SmartWhois tool to look up all of the available information about any IP address, hostname, or domain. Using this information, penetration testers gain access to the network of the particular organization for which they wish to perform a penetration test.

Lab Objectives
The objective of this lab is to help students analyze domain and IP address queries. This lab helps you to get most available information on a hostname, IP address, and domain.

Lab Environment
In the lab you need:
■ A computer running any version of Windows with Internet access
■ Administrator privileges to run SmartWhois
■ The SmartWhois tool, available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\WHOIS Lookup Tools\SmartWhois or downloadable from http://www.tamos.com
■ If you decide to download the latest version, then screenshots shown in the lab might differ

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Duration
Time: 5 Minutes

Overview of SmartWhois
SmartWhois is a network information utility that allows you to look up most available information on a hostname, IP address, or domain, including country, state or province, city, name of the network provider, technical support contact information, and administrator.

SmartWhois helps you to search for information such as:
■ The owner of the domain
■ The domain registration date and the owner's contact information
■ The owner of the IP address block

SmartWhois can be configured to work from behind a firewall by using HTTP/HTTPS proxy servers. Different SOCKS versions are also supported.

Lab Tasks
Note: If you are working in the iLabs environment, directly jump to step number 13.

1. Follow the wizard-driven installation steps and install SmartWhois.
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop.

FIGURE 5.1: Windows Server 2012 — Desktop view

3. To launch SmartWhois, click SmartWhois in apps.

SmartWhois can save obtained information to an archive file. Users can load this archive the next time the program is launched and add more information to it. This feature allows you to build and maintain your own database of IP addresses and host names.

FIGURE 5.2: Windows Server 2012 — Apps

TASK 1: Lookup IP

4. The SmartWhois main window appears.

FIGURE 5.3: The SmartWhois main window

If you need to query a non-default whois server or make a special query click View → Whois Console from the menu or click the Query button and select Custom Query.

5. Type an IP address, hostname, or domain name in the field tab. An example of a domain name query is shown as follows, www.google.com.

FIGURE 5.4: A SmartWhois domain search

6. Now, click the Query tab to find a drop-down list, and then click As Domain to enter domain name in the field.

SmartWhois is capable of caching query results, which reduces the time needed to query an address; if the information is in the cache file it is immediately displayed and no connections to the whois servers are required.

FIGURE 5.5: The SmartWhois — Selecting Query type

7. In the left pane of the window, the result displays, and the right pane displays the results of your query.

SmartWhois can process lists of IP addresses, hostnames, or domain names saved as plain text (ASCII) or Unicode files. The valid format for such batch files is simple: Each line must begin with an IP address, hostname, or domain. If you want to process domain names, they must be located in a separate file from IP addresses and hostnames.

FIGURE 5.6: The SmartWhois — Domain query result

8. Click the Clear icon in the toolbar to clear the history.

FIGURE 5.7: A SmartWhois toolbar

Host Name Query

9. To perform a sample host name query, type www.facebook.com.

10. Click the Query tab, and then select As IP/Hostname and enter a hostname in the field.

FIGURE 5.8: A SmartWhois host name query

11. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query.

If you want to query a domain registration database, enter a domain name and hit the Enter key while holding the Ctrl key, or just select As Domain from the Query dropdown.

FIGURE 5.9: A SmartWhois host name query result

12. Click the Clear icon in the toolbar to clear the history.

If you're saving results as a text file, you can specify the data fields to be saved. For example, you can exclude name servers or billing contacts from the output file. Click Settings → Options → Text & XML to configure the options.

13. To perform a sample IP Address query, type the IP address 10.0.0.3 (Windows 8 IP address) in the IP, host or domain field.

FIGURE 5.10: A SmartWhois IP address query

14. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query.

SmartWhois supports command line parameters specifying IP address/hostname/domain, as well as files to be opened/saved.

FIGURE 5.11: The SmartWhois IP query result (result pane: block 10.0.0.0 - 10.255.255.255, Internet Assigned Numbers Authority, PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED, Updated: 2004-02-24, Source: whois.arin.net)
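The IP address query in steps 13 and 14 can be reproduced and checked in a few lines. The following is an added example, not part of the lab manual and not SmartWhois's own code: it sends a plain WHOIS query to the server named in the result pane and parses the answer. The "Key: value" field names (NetRange, NetName, OrgName) and the sample text are assumptions constructed from the values visible in the lab's result.

```python
import ipaddress
import socket

# Constructed sample in ARIN-style "Key: value" layout. The range, network name,
# organization and date are the ones visible in the lab's result pane; the field
# names are an assumption about the raw server text.
SAMPLE_RESPONSE = """\
# constructed sample, not captured output
NetRange:       10.0.0.0 - 10.255.255.255
NetName:        PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED
OrgName:        Internet Assigned Numbers Authority
Updated:        2004-02-24
"""


def whois_query(query, server="whois.arin.net", port=43, timeout=10):
    """WHOIS (RFC 3912): send the query plus CRLF over TCP 43, read until close."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Collect 'Key: value' lines; comment lines (# or %) and blanks are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#%":
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def summarize(ip, text):
    """Check that the queried address lies in the returned block and describe it."""
    fields = parse_whois(text)
    first, _, last = fields["NetRange"][0].partition(" - ")
    low, high = ipaddress.ip_address(first), ipaddress.ip_address(last)
    addr = ipaddress.ip_address(ip)
    return {
        "in_block": low <= addr <= high,
        "block": f"{low} - {high}",
        "net_name": fields.get("NetName", [""])[0],
        "owner": fields.get("OrgName", [""])[0],
        # True for RFC 1918 and other non-routable ranges: such space is reused
        # inside every organization, so the registry record does not identify
        # who operates the host.
        "private": addr.is_private,
    }


if __name__ == "__main__":
    # Offline run on the constructed sample; whois_query("10.0.0.3") fetches live text.
    print(summarize("10.0.0.3", SAMPLE_RESPONSE))
```

For 10.0.0.3 the registry answer names IANA rather than the lab network's operator, which is why a whois result for an internal address tells a defender nothing about exposure; only publicly routed blocks carry owner and contact data worth reviewing.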

Lab Analysis
Document all the IP addresses/hostnames for the lab for further information.

Tool/Utility: SmartWhois

Information Collected/Objectives Achieved:
■ Domain name query results: Owner of the website
■ Hostname query results: Geographical location of the hosted website
■ IP address query results: Owner of the IP address block

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Determine whether you can use SmartWhois if you are behind a firewall or a proxy server.
2. Why do you get Connection timed out or Connection failed errors?
3. Is it possible to call SmartWhois directly from my application? If yes, how?
4. What are LOC records, and are they supported by SmartWhois?
5. When running a batch query, you get only a certain percentage of the domains/IP addresses processed. Why are some of the records unavailable?

Internet Connection Required: □ Yes  □ No
Platform Supported: ☑ Classroom  ☑ iLabs

Lab

Network Route Trace Using Path
Analyzer Pro
Path Analyzer Pro delivers advanced network route tracing with performance tests, DNS, whois, and network resolution to investigate network issues.

Lab Scenario
Using the information (IP address, hostname, domain, etc.) found in the previous lab, access can be gained to an organization's network, which allows a penetration tester to thoroughly learn about the organization's network environment for possible vulnerabilities. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. The same tasks can be performed by an attacker and the results possibly will prove to be very fatal for an organization. In such cases, as a penetration tester you should be competent to trace network route, determine network path, and troubleshoot network issues. Here you will be guided to trace the network route using the tool Path Analyzer Pro.

Lab Objectives
The objective of this lab is to help students research email addresses, network paths, and IP addresses. This lab helps to determine what ISP, router, or servers are responsible for a network problem.

Lab Environment
In the lab you need:
■ Path Analyzer pro: Path Analyzer pro is located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Traceroute Tools\Path Analyzer Pro
■ You can also download the latest version of Path Analyzer Pro from the link http://www.pathanalyzer.com/download.opp
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Install this tool on Windows Server 2012
■ Double-click PAPro27.msi
■ Follow the wizard driven installation to install it
■ Administrator privileges to run Path Analyzer Pro

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Duration
Time: 10 Minutes

Overview of Network Route Trace
Traceroute is a computer network tool for measuring the route path and transit times of packets across an Internet protocol (IP) network. The traceroute tool is available on almost all Unix-like operating systems. Variants, such as tracepath on modern Linux installations and tracert on Microsoft Windows operating systems with similar functionality, are also available.

Traceroute is a system administrators' utility to trace the route IP packets take from a source system to some destination system.
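How a trace yields a route path and per-hop transit times can be shown offline. The following is an added example, not part of the lab manual and not Path Analyzer Pro's code: it simulates probes with increasing TTL over a constructed path, computes the per-hop loss and latency figures a trace report lists, and locates the hop that is responsible for a delay. The path, addresses, timings, function names and the 20 ms threshold are all assumptions made for illustration.

```python
import statistics

# Constructed path (documentation addresses), one entry per router; the last is
# the target. "rtts" holds the round-trip time in ms seen by each of three
# probes, None = no reply.
PATH = [
    {"addr": "192.0.2.1", "rtts": [1.1, 1.3, 1.2]},
    {"addr": "198.51.100.1", "rtts": [None, None, None]},  # never answers probes
    {"addr": "198.51.100.9", "rtts": [9.8, 80.2, 10.1]},   # one slow reply only
    {"addr": "203.0.113.5", "rtts": [48.0, 52.5, 49.5]},   # delay starts here
    {"addr": "203.0.113.80", "rtts": [50.1, None, 51.9]},  # target, one probe lost
]


def send_probe(path, ttl, n):
    """Each router decrements the TTL; the one where it reaches 0 answers."""
    hop = path[min(ttl, len(path)) - 1]
    rtt = hop["rtts"][n]
    if rtt is None:
        return None
    kind = "echo-reply" if ttl >= len(path) else "time-exceeded"
    return hop["addr"], kind, rtt


def trace(path, max_ttl=30, probes=3):
    """Probe TTL 1, 2, 3... until the target answers or max_ttl is reached."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        replies = [send_probe(path, ttl, n) for n in range(probes)]
        answered = [r for r in replies if r is not None]
        hops.append({
            "ttl": ttl,
            "addr": answered[0][0] if answered else None,
            "rtts": [r[2] for r in answered],
            "sent": probes,
        })
        if any(r[1] == "echo-reply" for r in answered):
            break
    return hops


def hop_stats(hop):
    """Per-hop loss and latency figures, as a trace report lists them."""
    rtts = hop["rtts"]
    row = {"ttl": hop["ttl"], "addr": hop["addr"],
           "loss": 100.0 * (hop["sent"] - len(rtts)) / hop["sent"]}
    if rtts:
        row.update(min=min(rtts), avg=statistics.mean(rtts),
                   max=max(rtts), stddev=statistics.pstdev(rtts))
    return row


def first_sustained_jump(stats, threshold_ms=20.0):
    """First hop whose added delay is still present at every later hop.

    Minimum latency is compared because a router may answer an occasional
    probe slowly without delaying the traffic it forwards.
    """
    answered = [s for s in stats if s["loss"] < 100.0]
    for i in range(1, len(answered)):
        floor = answered[i - 1]["min"] + threshold_ms
        if all(s["min"] >= floor for s in answered[i:]):
            return answered[i]["ttl"], answered[i]["addr"]
    return None


if __name__ == "__main__":
    report = [hop_stats(h) for h in trace(PATH)]
    for row in report:
        print(row)
    print("delay introduced at:", first_sustained_jump(report))
```

The silent hop 2 and the single 80.2 ms reply at hop 3 do not persist downstream, so neither is reported; the delay is attributed to hop 4, where it first appears and then stays on the path to the target.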

Lab Tasks
1. Follow the wizard-driven installation steps to install Path Analyzer Pro.
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop.

FIGURE 6.1: Windows Server 2012 — Desktop view

3. To launch Path Analyzer Pro, click Path Analyzer Pro in apps.

Path Analyzer Pro summarizes a given trace within seconds by generating a simple report with all the important information on the target—we call this the Synopsis.

FIGURE 6.2: Windows Server 2012 — Apps

4. Click the Evaluate button on Registration Form.
5. The main window of Path Analyzer Pro appears as shown in the following screenshot.

FIGURE 6.3: The Path Analyzer Pro Main window

FIN Packets Only - generates only TCP packets with the FIN flag set in order to solicit an RST or TCP reset packet as a response from the target. This option may get beyond a firewall at the target, thus giving the user more trace data, but it could be misconstrued as a malicious attack.

6. Select the ICMP protocol in the Standard Options section.

FIGURE 6.4: The Path Analyzer Pro Standard Options (Protocol: ICMP, TCP, UDP; NAT-friendly; Source Port: Random; Tracing Mode: Default, Adaptive, FIN Packets Only)

Path Analyzer Pro summarizes all the relevant background information on its target, be it an IP address, a hostname, or an email address.

7. Under Advanced Probe Details, check the Smart option in the Length of packet section and leave the rest of the options in this section at their default settings.

Note: Firewall is required to be disabled for appropriate output

Path Analyzer Pro benefits:
■ Research IP addresses, email addresses, and network paths
■ Pinpoint and troubleshoot network availability and performance issues
■ Determine what ISP, router, or server is responsible for a network problem
■ Locate firewalls and other filters that may be impacting connections
■ Visually analyze a network's path characteristics
■ Graph protocol latency, jitter, and other factors
■ Trace actual applications and ports, not just IP hops
■ Generate, print, and export a variety of impressive reports
■ Perform continuous and timed tests with real-time reporting and history

FIGURE 6.5: The Path Analyzer Pro Advanced Probe Details window (Length of packet: Smart, 64; Lifetime: 300 milliseconds; Type-of-Service: Unspecified, Minimize-Delay; Maximum TTL: 30; Initial Sequence Number: Random)

8. In the Advanced Tracing Details section, the options remain at their default settings.
9. Check Stop on control messages (ICMP) in the Advance Tracing Details section.

FIGURE 6.6: The Path Analyzer Pro Advanced Tracing Details window (Work-ahead Limit: 5 TTLs; Minimum Scatter: 20 milliseconds; Probes per TTL: Minimum, Maximum; Stop on control messages (ICMP))

10. To perform the trace after checking these options, select the target host, for instance www.google.com, and check the Port: Smart as default (65535).

FIGURE 6.7: A Path Analyzer Pro Advance Tracing Details option

Note: Path Analyzer Pro is not designed to be used as an attack tool.

11. In the drop-down menu, select the duration of time as Timed Trace.

FIGURE 6.8: A Path Analyzer Pro Advance Tracing Details option

12. Enter the Type time of trace in the previously mentioned format as HH: MM: SS.

FIGURE 6.9: The Path Analyzer Pro Type time of trace option

TASK 2: Trace Reports

13. While Path Analyzer Pro performs this trace, the Trace tab changes automatically to Stop.

FIGURE 6.10: A Path Analyzer Pro Target Option

14. To see the trace results, click the Report tab to display a linear chart depicting the number of hops between you and the target.
The Advanced Probe Details settings determine how probes are generated to perform the trace. These include the Length of packet, Lifetime, Type of Service, Maximum TTL, and Initial Sequence Number.

FIGURE 6.11: A Path Analyzer Pro Target option (Report tab; columns: Hop, IP Address, Hostname, ASN, Network Name, % loss, Min Latency, Latency, Avg Latency, Max Latency, StdDev)

15. Click the Synopsis tab, which displays a one-page summary of your trace results.
Length of packet: This option allows you to set the length of the packet for a trace. The minimum size of a packet, as a general rule, is approximately 64 bytes, depending on the protocol used. The maximum size of a packet depends on the physical network but is generally 1500 bytes for a regular Ethernet network or 9000 bytes using Gigabit Ethernet networking with jumbo frames.

FIGURE 6.12: A Path Analyzer Pro Target option (Synopsis tab; sections: Forward DNS (A records), Reverse DNS (PTR record), Alternate Name, Registries, Intercept)

TASK 3: View Charts

16. Click the Charts tab to view the results of your trace.

FIGURE 6.13: The Path Analyzer Pro Chart Window

Path Analyzer Pro uses Smart as the default Length of packet. When the Smart option is checked, the software automatically selects the minimum size of packets based on the protocol selected under Standard Options.

TASK 4: View Imaginary Map

17. Click Geo, which displays an imaginary world map format of your trace.

FIGURE 6.14: The Path Analyzer Pro chart window

18. N o w , c lic k th e

TASK

5

V ital Statistics

S ta ts ta b , w h ic h fe a tu r e s th e V ita l S ta tis tic s o f y o u r

c u r r e n t tra c e .
Taiact;

* av».google,:on
•

C'

1

SjTooss

ort: f✓ Smart
---------------- q ‫& ־‬
£3 charts I O Geo

-

3
0

'

|

Tracc

iTimsdTrocc

|2 ‫ ל‬Slats

«

Source

m

M a x im u m T T L : T h e

m a x im u m T i m e t o L i v e
( T T L ) is t h e m a x im u m

Target

Protocol

Distance

Avg Latency

Trace Began

Trace Ended

Filters

10.0.D2 (echO WN-MSSRCK4K41J
:
10.0.02 (ethO: WNMSSELCK4K41
10.0.D2 (cthO: W N MSSELCK4K41
‫־‬C.0.D2 (tr.hC V/ N-MS5ELCK4K41
‫:׳‬
1C.0.02 («h0! W N-MSSELCK4K41
number of hops to probe in an attempt to reach the target. The default number of hops is set to 30. The Maximum TTL that can be used is 255.

FIGURE 6.15: The Path Analyzer Pro Statistics window (columns: Source, Target, Protocol, Distance, Avg Latency, Trace Began, Trace Ended, Filters)

19. Now Export the report by clicking Export on the toolbar.

FIGURE 6.16: The Path Analyzer Pro Save Report As window

20. By default, the report will be saved at D:\Program Files (x86)\Path Analyzer Pro 2.7. However, you may change it to your preferred location.

The Initial Sequence Number is set as a counting mechanism within the packet between the source and the target. It is set to Random as the default, but you can choose another starting number by unchecking the Random button and filling in another number. Please Note: The Initial Sequence Number applies only to TCP connections.

FIGURE 6.17: The Path Analyzer Pro Save Report As window (File name: Sample Report; Save as type: CSV Files (csv))

Lab Analysis
Document the IP addresses that are traced for the lab for further information.

Tool/Utility: Path Analyzer Pro
Information Collected/Objectives Achieved:
Report:
■ Number of hops
■ IP address
■ Hostname
■ ASN
■ Network name
■ Latency
Synopsis: Displays summary of valuable information on DNS, Routing, Registries, Intercept
Charts: Trace results in the form of chart
Geo: Geographical view of the path traced
Stats: Statistics of the trace

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. What is the standard deviation measurement, and why is it important?
2. If your trace fails on the first or second hop, what could be the problem?
3. Depending on your TCP tracing options, why can't you get beyond my local network?

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs

Tracing an Email Using the eMailTrackerPro Tool
eMailTrackerPro is a tool that analyzes email headers to disclose the original sender's location.

Lab Scenario
In the previous lab, you gathered information such as number of hops between a host and client, IP address, etc. As you know, data packets often have to go through routers or firewalls, and a hop occurs each time packets are passed to the next router. The number of hops determines the distance between the source and destination host. An attacker will analyze the hops for the firewall and determine the protection layers to hack into an organization or a client. Attackers will definitely try to hide the true identity and location while intruding into an organization or a client by gaining illegal access to other users' computers to accomplish their tasks. If an attacker uses emails as a means of attack, it is very essential for a penetration tester to be familiar with email headers and their related details to be able to track and prevent such attacks with an organization. In this lab, you will learn to trace email using the eMailTrackerPro tool.

Lab Objectives
The objective of this lab is to demonstrate email tracing using eMailTrackerPro. Students will learn how to:
■ Trace an email to its true geographical source
■ Collect Network (ISP) and domain Whois information for any email traced

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
In the lab, you need the eMailTrackerPro tool.
■ eMailTrackerPro is located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Email Tracking Tools\eMailTrackerPro
■ You can also download the latest version of eMailTrackerPro from the link http://www.emailtrackerpro.com/download.html
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Follow the wizard-driven installation steps and install the tool
■ This tool installs Java runtime as a part of the installation
■ Run this tool in Windows Server 2012
■ Administrative privileges are required to run this tool
■ This lab requires a valid email account (Hotmail, Gmail, Yahoo, etc.). We suggest you sign up with any of these services to obtain a new email account for this lab
■ Please do not use your real email accounts and passwords in these exercises

Lab Duration
Time: 10 Minutes

eMailTrackerPro helps identify the true source of emails to help track suspects, verify the sender of a message, trace and report email abusers.

Overview of eMailTrackerPro
Email tracking is a method to monitor or spy on email delivered to the intended recipient:
■ When an email message was received and read
■ If destructive email is sent
■ The GPS location and map of the recipient
■ The time spent reading the email
■ Whether or not the recipient visited any links sent in the email
■ PDFs and other types of attachments
■ If messages are set to expire after a specified time

Lab Tasks
TASK 1: Trace an Email

1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop

FIGURE 7.1: Windows Server 2012 — Desktop view

2. On the Start menu, click eMailTrackerPro to launch the application

eMailTrackerPro Advanced Edition includes an online mail checker which allows you to view all your emails on the server before delivery to your computer.

FIGURE 7.2: Windows Server 2012 — Apps

3. Click OK if the Edition Selection pop-up window appears

4. Now you are ready to start tracing email headers with eMailTrackerPro

5. Click the Trace an email option to start the trace

FIGURE 7.3: The eMailTrackerPro Main window

This tool also uncovers common SPAM tactics.

6. Clicking Trace an email will direct you to the eMailTrackerPro by Visualware window

7. Select Trace an email I have received. Now, copy the email header from the email you wish to trace and paste it in the Email headers field under Enter Details and click Trace

The filter system in eMailTrackerPro allows you to create custom filters to match your incoming mail.

FIGURE 7.4: The eMailTrackerPro by Visualware Window (options: Trace an email I have received; Look up network responsible for an email address; Enter Details: Email headers)

TASK 2: Finding Email Header

Note: In Outlook, find the email header by following these steps:
■ Double-click the email to open it in a new window
■ Click the small arrow in the lower-right corner of the Tags toolbar box to open Message Options information box
■ Under Internet headers, you will find the Email header, as displayed in the screenshot

FIGURE 7.5: Finding Email Header in Outlook 2010

The abuse report option from the My Trace Reports window automatically launches a browser window with the abuse report included.

8. Clicking the Trace button will direct you to the Trace report window

9. The email location is traced in a GUI world map. The location and IP addresses may vary. You can also view the summary by selecting Email Summary section on the right side of the window

10. The Table section right below the Map shows the entire Hop in the route with the IP and suspected locations for each hop

11. IP address might be different than the one shown in the screenshot

FIGURE 7.6: eMailTrackerPro — Email Trace Report (panels: Map, Email Summary, System Information, hop table; tabs: Network Whois, Domain Whois, Email Header)

Each email message includes an Internet header with valuable information. eMailTrackerPro analyzes the message header and reports the IP address of the computer where the message originated, its estimated location, the individual or organization the IP address is registered to, the network provider, and additional information as available.
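The header analysis described in this lab can be reproduced by hand. The following is an added example, not part of the lab manual and not eMailTrackerPro's own code: it walks the Received chain of a constructed message with the Python standard library, reports the earliest routable IP in the consistent part of the chain, and flags hops that look forged. The message, host names and IP addresses are constructed, and the two consistency checks (timestamps must not go backwards, each hop's "from" host should equal the previous hop's "by" host) are heuristics assumed for this example.

```python
import email
import ipaddress
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample (not the lab's message): example.* hosts, documentation
# IPs. MTAs prepend Received headers, so the newest hop is at the top.
SAMPLE = """\
Return-Path: <sender@example.org>
Received: from mx.example.net (mx.example.net [198.51.100.25])
    by inbound.example.com with ESMTPS id c3;
    Wed, 25 Jul 2012 21:14:45 -0700 (PDT)
Received: from relay.example.org (relay.example.org [203.0.113.7])
    by mx.example.net with ESMTP id b2;
    Wed, 25 Jul 2012 21:14:43 -0700 (PDT)
Received: from WORKSTATION ([10.0.0.2])
    by relay.example.org with ESMTPSA id a1;
    Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
From: Sender <sender@example.org>
To: Analyst <analyst@example.com>
Subject: constructed sample

body
"""

# Same message with a constructed bogus hop inserted below the real ones.
FORGED = SAMPLE.replace(
    "From: Sender",
    "Received: from mail.example.edu ([192.0.2.99])\n"
    "    by unrelated.example.info with SMTP id z9;\n"
    "    Wed, 25 Jul 2012 23:00:00 -0700 (PDT)\n"
    "From: Sender", 1)

# Address space that never identifies a sender on the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_hops(raw):
    """Return the Received hops oldest-first as dicts (from, by, ip, time)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        head, sep, stamp = text.rpartition(";")   # the date follows the last ';'
        if not sep:
            head, stamp = text, ""
        frm, by, ip = FROM_RE.search(head), BY_RE.search(head), IP_RE.search(head)
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            addr = None
        try:
            when = parsedate_to_datetime(re.sub(r"\([^)]*\)", "", stamp).strip())
            if when.tzinfo is None:               # "-0000" parses as naive
                when = when.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            when = None
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "ip": addr, "time": when})
    hops.reverse()                                # headers are newest-first
    return hops


def trace(raw):
    """Find the earliest routable IP above the newest break in the chain."""
    hops = parse_hops(raw)
    anomalies, first_trusted = [], 0
    for i in range(1, len(hops)):
        prev, hop = hops[i - 1], hops[i]
        problems = []
        if prev["time"] and hop["time"] and hop["time"] < prev["time"]:
            problems.append("timestamp earlier than previous hop")
        if prev["by"] and hop["from"] and prev["by"].lower() != hop["from"].lower():
            problems.append("'from' host differs from previous 'by' host")
        if problems:
            first_trusted = i   # hops older than this link may be attacker-written
            anomalies += [f"hop {i}: {p}" for p in problems]
    origin = next((h["ip"] for h in hops[first_trusted:]
                   if h["ip"] and not is_internal(h["ip"])), None)
    return {"hops": hops, "origin_ip": origin, "anomalies": anomalies}


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("forged", FORGED)):
        result = trace(raw)
        print(label, "origin:", result["origin_ip"], "anomalies:", result["anomalies"])
```

Only the hops added by servers the recipient controls are reliable; everything below the first inconsistency is sender-supplied text, which is why the forged hop's address is not reported as the origin.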


12. You can view the complete trace report on My Trace Reports tab

TASK 3: Trace Reports

Tracking an email is useful for identifying the company and network providing service for the address.

FIGURE 7.7: The eMailTrackerPro - My Trace Reports tab

Lab Analysis
Document all the live emails discovered during the lab with all additional information.

emailTrackerPro can detect abnormalities in the email header and warn you that the email may be spam

Tool/Utility: eMailTrackerPro
Information Collected/Objectives Achieved:
Map: Location of traced email in GUI map
Table: Hop in the route with IP
Email Summary: Summary of the traced email
■ From & To email address
■ Date
■ Subject
■ Location
Trace Information:
■ Sender IP
■ Subject
■ Location

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. What is the difference between tracing an email address and tracing an email message?
2. What are email Internet headers?
3. What does "unknown" mean in the route table of the identification report?
4. Does eMailTrackerPro work with email messages that have been forwarded?
5. Evaluate whether an email message can be traced regardless of when it was sent.

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs

Collecting Information about a Target Website Using Firebug
Firebug integrates with Firefox, providing a lot of development tools allowing you to edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

Lab Scenario
As you all know, email is one of the important tools that has been created. Unfortunately, attackers have misused emails to send spam to communicate in secret and hide themselves behind the spam emails, while attempting to undermine business dealings. In such instances, it becomes necessary for penetration testers to trace an email to find the source of email especially where a crime has been committed using email. You have already learned in the previous lab how to find the location by tracing an email using eMailTrackerPro to provide such information as city, state, country, etc. from where the email was actually sent.

The majority of penetration testers use the Mozilla Firefox as a web browser for their pentest activities. In this lab, you will learn to use Firebug for a web application penetration test and gather complete information. Firebug can prove to be a useful debugging tool that can help you track rogue JavaScript code on servers.

Lab Objectives
The objective of this lab is to help students learn editing, debugging, and monitoring CSS, HTML, and JavaScript in any websites.

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
In the lab, you need:
■ A web browser with an Internet connection
■ Administrative privileges to run tools
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 10 Minutes

Overview of Firebug
Firebug is an add-on tool for Mozilla Firefox. Running Firebug displays information such as directory structure, internal URLs, cookies, session IDs, etc.

Lab Tasks
Firebug includes a lot of features such as debugging, HTML inspecting, and profiling, which are very useful for web development.

1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 8.1: Windows Server 2012 — Desktop view

2. On the Start menu, click Mozilla Firefox to launch the browser

Firebug features:
• Javascript debugging
• Javascript CommandLine
• Monitor the Javascript Performance and XmlHttpRequest
• Logging
• Tracing
• Inspect HTML and Edit HTML
• Edit CSS

FIGURE 8.2: Windows Server 2012 — Apps

3. Type the URL https://getfirebug.com in the Firefox browser and click Install Firebug

TASK 1: Installing Firebug

FIGURE 8.3: Windows Server 2012 - Apps

4. Clicking Install Firebug will redirect to the Download Firebug page. Click the Download link to install Firebug

Firebug inspects HTML and modifies style and layout in real-time

FIGURE 8.4: Windows Server 2012 — Apps

5. On the Add-Ons page, click the button Add to Firefox to initiate the Add-On installation

Firebug adds several configuration options to Firefox. Some of these options can be changed through the UI, others can be manipulated only via about:config.

FIGURE 8.5: Windows Server 2012 — Apps

6. Click the Install Now button in the Software Installation window

panelTabMinWidth describes minimal width in pixels of the Panel tabs inside the Panel Bar when there is not enough horizontal space.

FIGURE 8.6: Windows Server 2012 — Apps

7. Once the Firebug Add-On is installed, it will appear as a grey colored bug on the Navigation Toolbar as highlighted in the following screenshot

showFirstRunPage specifies whether to show the first run page.

FIGURE 8.7: Windows Server 2012 — Apps

8. Click the Firebug icon to view the Firebug pane.

9. Click the Enable link to view the detailed information for Console panel. Perform the same for the Script, Net, and Cookies panels

The console panel offers a JavaScript command line, lists all kinds of messages and offers a profiler for JavaScript commands.

10. Enabling the Console panel displays all the requests by the page. The one highlighted in the screenshot is the Headers tab

11. In this lab, we have demonstrated http://www.microsoft.com

12. The Headers tab displays the Response Headers and Request Headers by the website

The CSS panel manipulates CSS rules. It offers options for adding, editing and removing CSS styles of the different files of a page containing CSS. It also offers an editing mode, in which you can edit the content of the CSS files directly via a text area.

FIGURE 8.9: Windows Server 2012 — Apps

13. Similarly, the rest of the tabs in the Console panel like Params, Response, HTML, and Cookies hold important information about the website

14. The HTML panel displays information such as source code, internal URLs of the website, etc.

The HTML panel displays the generated HTML/XML of the currently opened page. It differs from the normal source code view, because it also displays all manipulations on the DOM tree. On the right side it shows the CSS styles defined for the currently selected tag, the computed styles for it, layout information and the DOM variables assigned to it in different tabs.

FIGURE 8.10: Windows Server 2012 — Apps

15. The Net panel shows the Request start and Request phases start and elapsed time relative to the Request start by hovering the mouse cursor on the Timeline graph for a request

N e t P a n e l 's p u r p o s e is
to m o n it o r H T T P tr a ff ic
in it ia t e d b y a w e b p a g e a n d
p r e s e n t a ll c o lle c t e d a n d
c o m p u te d in fo r m a t io n to
d i e u s e r . I t s c o n t e n t is
c o m p o s e d o f a lis t o f
e n t r ie s w h e r e e a c h e n t r y
re p re s e n ts o n e
re q u e s t/ re s p o n s e ro u n d
t r i p m a d e b y d i e p a g e ..

F I G U R E 8 .1 1 : W i n d o w s S e r v e r 2 0 1 2 — A p p s

16. Expand a request in the Net panel to get detailed information on Params, Headers, Response, Cached, and Cookies. The screenshot that follows shows the Cache information

Script panel debugs JavaScript code. Therefore the script panel integrates a powerful debugging tool based on features like different kinds of breakpoints, step-by-step execution of scripts, a display for the variable stack, watch expressions and more.

FIGURE 8.12: Windows Server 2012 — Apps

17. Expand a request in the Cookies panel to get information on a cookie Value, Raw data, JSON, etc.

Export cookies for this site - exports all cookies of the current website as text file. Therefore the Save as dialog is opened allowing you to select the path and choose a name for the exported file.

FIGURE 8.13: Windows Server 2012 — Apps

Note: You can find information related to the CSS, Script, and DOM panel on the respective tabs.

Lab Analysis
Collect information such as internal URLs, cookie details, directory structure, session IDs, etc. for different websites using Firebug.

Tool/Utility: Firebug
Information Collected/Objectives Achieved:
Server on which the website is hosted: Microsoft-IIS/7.5
Development Framework: ASP.NET
HTML Source Code using JavaScript, jQuery, Ajax
Other Website Information:
■ Internal URLs
■ Directory structure
■ Cookie details
■ Session IDs

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Determine the Firebug error message that indicates a problem.

2. After editing pages within Firebug, how can you output all the changes that you have made to a site's CSS?

3. In the Firebug DOM panel, what do the different colors of the variables mean?

4. What does the different color line indicate in the Timeline request in the Net panel?

Internet Connection Required
☑ Yes    □ No
Platform Supported
☑ Classroom    □ iLabs

Mirroring Websites Using the HTTrack Web Site Copier Tool
HTTrack Web Site Copier is an offline browser utility that allows you to download a World Wide Web site through the Internet to your local directory.

Lab Scenario
Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.

You have learned in the previous lab to extract information from a web application using Firebug. As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted. An attacker can also use Firebug to see what JavaScript was downloaded and evaluated. Attackers can modify a request before it's sent to the server using Tamper data. If they discover any SQL or cookie vulnerabilities, attackers can perform a SQL injection attack and can tamper with cookie details of a request before it's sent to the server. Attackers can use such vulnerabilities to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes. Therefore, as a penetration tester, you should have an updated antivirus protection program to attain Internet security.

In this lab, you will learn to mirror a website using the HTTrack Web Site Copier Tool and as a penetration tester you can prevent D-DoS attack.
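
The interception risk described in this scenario depends largely on how the server sets its cookies. The following Python check is an added example, not part of the original lab manual; it audits Set-Cookie header values for the Secure, HttpOnly and SameSite attributes. The sample headers and the list of sensitive name hints are constructed assumptions.

```python
"""Audit Set-Cookie header values for attributes that limit interception
and script access. Added example; the sample data below is constructed."""
from dataclasses import dataclass, field

# Constructed sample headers, not captured from any real site.
SAMPLE_SET_COOKIE = [
    "ASP.NET_SessionId=constructed123; path=/; HttpOnly",
    "prefs=lang%3Den; Path=/; Max-Age=31536000; Secure; SameSite=Lax",
    "auth=constructedtoken; Domain=.example.test; Path=/",
    "__Host-sid=constructed456; Path=/; Secure; HttpOnly; SameSite=Strict",
]

# Assumption: name fragments that suggest a session or login token.
SENSITIVE_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieReport:
    name: str
    attributes: dict
    findings: list = field(default_factory=list)


def parse_set_cookie(header):
    """Split one Set-Cookie value into the cookie name and an attribute map
    keyed by lowercase attribute name (flag attributes map to '')."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty Set-Cookie value")
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return CookieReport(name=name, attributes=attrs)


def audit_cookie(header):
    """Return a CookieReport whose findings list the missing protections."""
    report = parse_set_cookie(header)
    attrs = report.attributes
    sensitive = any(hint in report.name.lower() for hint in SENSITIVE_HINTS)

    if "secure" not in attrs:
        report.findings.append("no Secure: also sent over plain HTTP")
    if sensitive and "httponly" not in attrs:
        report.findings.append("no HttpOnly: readable by page scripts")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        report.findings.append("no SameSite: browser default applies")
    elif samesite == "none" and "secure" not in attrs:
        report.findings.append("SameSite=None requires Secure")
    if sensitive and "domain" in attrs:
        report.findings.append("Domain set: shared with subdomains")
    if report.name.startswith("__Host-") and (
        "secure" not in attrs or "domain" in attrs or attrs.get("path") != "/"
    ):
        report.findings.append("__Host- prefix rules not met")
    return report


def audit_headers(headers):
    """Map cookie name -> list of findings for a list of Set-Cookie values."""
    return {r.name: r.findings for r in map(audit_cookie, headers)}


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_SET_COOKIE).items():
        print(name, "->", findings or "ok")
```
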

Lab Objectives
The objective of this lab is to help students learn how to mirror websites.

Lab Environment
To carry out the lab, you need:
■ Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Website Mirroring Tools\HTTrack Website Copier
■ You can also download the latest version of HTTrack Web Site Copier from the link http://www.httrack.com/page/2/en/index.html
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Follow the Wizard driven installation process
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
■ To run this tool Administrative privileges are required

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Duration
Time: 10 Minutes

Overview of Web Site Mirroring
Web mirroring allows you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer.

WinHTTrack arranges the original site's relative link-structure.

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 9.1: Windows Server 2012 — Desktop view

2. In the Start metro apps, click WinHTTrack to launch the application WinHTTrack

WinHTTrack works as a command-line program or through a shell for both private (capture) and professional (on-line web mirror) use.

FIGURE 9.2: Windows Server 2012 — Apps

TASK 1: Mirroring a Website

3. In the WinHTTrack main window, click Next to create a New Project

Quickly updates downloaded sites and resumes interrupted downloads (due to connection break, crash, etc.)

FIGURE 9.3: HTTrack Website Copier Main Window

4. Enter the project name in the Project name field. Select the Base path to store the copied files. Click Next

Wizard to specify which links must be loaded (accept/refuse: link, all domain, all directory)

FIGURE 9.4: HTTrack Website Copier selecting a New Project

5. Enter www.certifiedhacker.com under Web Addresses: (URL) and then click the Set options button
Timeout and minimum transfer rate manager to abandon slowest sites

FIGURE 9.5: HTTrack Website Copier Select a project a name to organize your download

Downloading a site can overload it, if you have a fast pipe, or if you capture too many simultaneous cgi (dynamically generated pages)

6. Clicking the Set options button will launch the WinHTTrack window

7. Click the Scan Rules tab and select the check boxes for the file types as shown in the following screenshot and click OK

Filenames with original structure kept or split mode (one html folder, and one image folder), dos 8-3 filenames option and user-defined structure

Text shown on the Scan Rules tab:
Use wildcards to exclude or include URLs or links.
You can put several scan strings on the same line.
Use spaces as separators.
Example: +*.zip -www.*.com -www.*.edu/cgi-bin/*.cgi
Tip: To have ALL GIF files included, use something like +www.someweb.com/*.gif.
(+*.gif / -*.gif will include/exclude ALL GIFs from ALL sites)

FIGURE 9.6: HTTrack Website Copier Select a project a name to organize your download

HTML parsing and tag analysis, including javascript code/embedded HTML code

8. Then, click Next

FIGURE 9.7: HTTrack Website Copier Select a project a name to organize your download

9. By default, the radio button will be selected for Please adjust connection parameters if necessary, then press FINISH to launch the mirroring operation

Proxy support to maximize speed, with optional authentication

10. Click Finish to start mirroring the website

The tool has integrated DNS cache and native https and ipv6 support

FIGURE 9.8: HTTrack Website Copier Type or drop and drag one or several Web addresses

HTTrack can also update an existing mirrored site and resume interrupted downloads. HTTrack is fully configurable by options and by filters

11. Site mirroring progress will be displayed as in the following screenshot

Filter by file type, link location, structure depth, file size, site size, accepted or refused sites or filename (with advanced wildcards).

FIGURE 9.9: HTTrack Website Copier displaying site mirroring progress

12. WinHTTrack shows the message Mirroring operation complete once the site mirroring is completed. Click Browse Mirrored Website

Optional log file with error-log and comments-log.

FIGURE 9.10: HTTrack Website Copier displaying site mirroring progress

13. Clicking the Browse Mirrored Website button will launch the mirrored website for www.certifiedhacker.com. The URL indicates that the site is located at the local machine

Note: If the web page does not open for some reasons, navigate to the directory where you have mirrored the website and open index.html with any web browser

Use bandwidth limits, connection limits, size limits and time limits

FIGURE 9.11: HTTrack Website Copier Mirrored Website Image

14. A few websites are very large and will take a long time to mirror the complete site

Do not download too large websites: use filters; try not to download during working hours

15. If you wish to stop the mirroring process prematurely, click Cancel in the Site mirroring progress window

16. The site will work like a live hosted website.
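
From the defending side, a mirroring run like the one in this lab is visible in the web server's access log. The following Python sketch is an added example, not part of the original lab manual: it flags clients whose user-agent names HTTrack or that request many distinct paths in a short window. The log lines, addresses and thresholds are constructed assumptions; the rate check is there because the identity string can be changed in the tool's options.

```python
"""Flag likely site-mirroring clients in a combined-format access log.
Added example; log lines, addresses and thresholds are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
BASE = datetime(2012, 10, 10, 13, 0, 0)


def _line(ip, second, path, ua):
    """Build one constructed log line `second` seconds after BASE."""
    ts = (BASE + timedelta(seconds=second)).strftime("%d/%b/%Y:%H:%M:%S +0000")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


BROWSER_UA = "Mozilla/5.0 (Windows NT 6.2; rv:15.0) Gecko/20100101 Firefox/15.0"
# Assumption: sample string in the form of HTTrack's default identity.
HTTRACK_UA = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"

SAMPLE_LOG = (
    # Mirroring tool with its default identity: 12 pages in 6 seconds.
    [_line("203.0.113.7", i // 2, f"/page{i}.html", HTTRACK_UA) for i in range(12)]
    # Same behaviour with the identity changed to look like a browser.
    + [_line("198.51.100.9", i, f"/docs/{i}.html", BROWSER_UA) for i in range(12)]
    # A reader opening three pages over two minutes.
    + [_line("192.0.2.10", i * 60, f"/news/{i}.html", BROWSER_UA) for i in range(3)]
    # A browser loading one page and its five assets at once.
    + [_line("192.0.2.11", 0, p, BROWSER_UA)
       for p in ["/", "/a.css", "/b.js", "/c.png", "/d.png", "/e.png"]]
    + ["garbled line that does not parse"]
)


def parse(lines):
    """Group (timestamp, path, user-agent) by client IP; skip bad lines."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
            by_ip[m["ip"]].append((ts, m["path"], m["ua"]))
    return by_ip


def max_distinct_paths(events, window):
    """Largest number of distinct paths seen inside any `window`-long span."""
    events = sorted(events, key=lambda e: e[0])
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({path for _, path, _ in events[start:end + 1]}))
    return best


def detect_mirroring(lines, window=timedelta(seconds=30), min_paths=10):
    """Return {ip: [reasons]} for clients that look like a site copier."""
    findings = {}
    for ip, events in parse(lines).items():
        reasons = []
        if any("httrack" in ua.lower() for _, _, ua in events):
            reasons.append("user-agent names HTTrack")
        breadth = max_distinct_paths(events, window)
        if breadth >= min_paths:
            reasons.append(
                f"{breadth} distinct paths within {int(window.total_seconds())}s")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in detect_mirroring(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The thresholds need tuning against a site's normal traffic; a page with many assets or a search-engine crawler can exceed a low `min_paths`.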

Lab Analysis
Document the mirrored website directories, getting HTML, images, and other files.

Tool/Utility: HTTrack Web Site Copier
Information Collected/Objectives Achieved:
■ Offline copy of the website www.certifiedhacker.com is created

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
5. How do you retrieve the files that are outside the domain while mirroring a website?

6. How do you download ftp files/sites?

7. Can HTTrack perform form-based authentication?

8. Can HTTrack execute HP-UX or ISO 9660 compatible files?

9. How do you grab an email address in web pages?

Internet Connection Required
□ Yes    ☑ No
Platform Supported
☑ Classroom    ☑ iLabs

Extracting a Company's Data Using Web Data Extractor
Web Data Extractor is used to extract targeted company(s) contact details or data such as emails, fax, phone through web for responsible b2b communication.

Lab Scenario
Attackers continuously look for the easiest method to collect information. There are many tools available with which attackers can extract a company's database. Once they have access to the database, they can gather employees' email addresses and phone numbers, the company's internal URLs, etc. With the information gathered, they can send spam emails to the employees to fill their mailboxes, hack into the company's website, and modify the internal URLs. They may also install malicious viruses to make the database inoperable.

As an expert penetration tester, you should be able to think from an attacker's perspective and try all possible ways to gather information on organizations. You should be able to collect all the confidential information of an organization and implement security features to prevent company data leakage. In this lab, you will learn to use Web Data Extractor to extract a company's data.
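
To see what this kind of extraction would find on pages you are responsible for, the same categories can be audited on a local copy before publication. The following Python script is an added example, not part of the original lab manual or of Web Data Extractor; it lists meta tags, email addresses and labelled phone/fax numbers found in HTML. The sample pages and the regular expressions are constructed assumptions.

```python
"""List contact data and meta tags exposed in HTML pages.
Added example; the sample pages and patterns are constructed."""
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# A label (Tel/Phone/Fax) followed by a number of at least 8 characters.
CONTACT_RE = re.compile(r"(?i)\b(tel|phone|fax)\b[\s:.]*(\+?\d[\d ().-]{6,}\d)")

# Constructed sample pages (file name -> HTML); example.test is a reserved name.
SAMPLE_PAGES = {
    "index.html": """<html><head><title>Example Co</title>
<meta name="description" content="Constructed sample page">
<meta name="generator" content="ExampleCMS 1.2">
</head><body>
<p>Contact: <a href="mailto:Sales@example.test?subject=Hi">sales</a></p>
<p>Tel: +1 (555) 010-0199  Fax: 555-010-0100</p>
<script>var x = "noreply@example.test";</script>
</body></html>""",
    "about.html": """<html><body>
<p>Write to hr@example.test or jobs@example.test.</p>
</body></html>""",
}


class ExposureParser(HTMLParser):
    """Collects meta tags, email addresses and labelled phone/fax numbers."""

    def __init__(self):
        super().__init__()
        self.meta, self.emails = {}, set()
        self.phones, self.faxes = set(), set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and attrs.get("name") and attrs.get("content"):
            self.meta[attrs["name"].lower()] = attrs["content"]
        href = attrs.get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            # Drop the scheme and any ?subject=... query part.
            self.emails.add(href[len("mailto:"):].split("?")[0].lower())

    def handle_data(self, data):
        # Script and style bodies arrive here too: they are served to every
        # visitor, so addresses inside them count as exposed.
        self.emails.update(e.lower() for e in EMAIL_RE.findall(data))
        for label, number in CONTACT_RE.findall(data):
            target = self.faxes if label.lower() == "fax" else self.phones
            target.add(number)


def audit_page(html):
    """Return the exposed items of one HTML document as sorted lists."""
    parser = ExposureParser()
    parser.feed(html)
    parser.close()
    return {"meta": parser.meta, "emails": sorted(parser.emails),
            "phones": sorted(parser.phones), "faxes": sorted(parser.faxes)}


def audit_pages(pages):
    """Audit a {path: html} mapping, e.g. files read from a local copy."""
    return {path: audit_page(html) for path, html in pages.items()}


def all_addresses(pages):
    """Every distinct email address across all pages, sorted."""
    found = set()
    for report in audit_pages(pages).values():
        found.update(report["emails"])
    return sorted(found)


if __name__ == "__main__":
    for path, report in audit_pages(SAMPLE_PAGES).items():
        print(path, report)
```
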

Lab Objectives
The objective of this lab is to demonstrate how to extract a company's data using Web Data Extractor. Students will learn how to:
■ Extract Meta Tag, Email, Phone/Fax from the web pages

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
To carry out the lab you need:
■ Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Additional Footprinting Tools\Web Data Extractor
■ You can also download the latest version of Web Data Extractor from the link http://www.webextractor.com/download.htm
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

WDE sends queries to search engines to get matching website URLs
Lab Duration
Time: 10 Minutes

Overview of Web Data Extracting
Web data extraction is a type of information retrieval that can automatically extract unstructured or semi-structured web data sources in a structured manner.

WDE will query 18+ popular search engines, extract all matching URLs from search results, remove duplicate URLs and finally visit those websites and extract data from there

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 10.1: Windows 8 — Desktop view

TASK 1: Extracting a Website

2. In the Start menu, click Web Data Extractor to launch the application Web Data Extractor

WDE - Phone, Fax Harvester module is designed to spider the web for fresh Tel, FAX numbers targeted to the group that you want to market your product or services to

FIGURE 10.2: Windows 8 — Apps

3. Web Data Extractor's main window appears. Click New to start a new session

It has various limiters of scanning range - url filter, page text filter, domain filter - using which you can extract only the links or data you actually need from web pages, instead of extracting all the links present there. As a result, you create your own custom and targeted data base of urls/links collection

FIGURE 10.3: The Web Data Extractor main window

4. Clicking New opens the Session settings window.

5. Type a URL (www.certifiedhacker.com) in the Starting URL field. Select the check boxes for all the options as shown in the screenshot and click OK

Web Data Extractor automatically gets lists of meta-tags, e-mails, phone and fax numbers, etc. and stores them in different formats for future use

Fixed "Stay with full url" and "Follow offsite links" options which failed for some sites before

FIGURE 10.4: Web Data Extractor the Session setting window

6. Click Start to initiate the data extraction
It supports operation through proxy-server and works very fast, as it is able of loading several pages simultaneously, and requires very few resources. Powerful, highly targeted email spider harvester

FIGURE 10.5: Web Data Extractor initiating the data extraction windows

7. Web Data Extractor will start collecting the information (emails, phones, faxes, etc.). Once the data extraction process is completed, an Information dialog box appears. Click OK
Meta Tag Extractor module is designed to extract URL, meta tag (title, description, keyword) from web-pages, search results, open web directories, list of urls from local file

FIGURE 10.6: Web Data Extractor Data Extraction windows
8. The extracted information can be viewed by clicking the tabs

FIGURE 10.7: Web Data Extractor Data Extraction windows

9. Select the Meta tags tab to view the URL, Title, Keywords, Description, Host, Domain, and Page size information
If you want WDE to stay within first page, just select "Process First Page Only". A setting of "0" will process and look for data in whole website. A setting of "1" will process index or home page with associated files under root dir only.

FIGURE 10.8: Web Data Extractor Extracted emails windows

10. Select Emails tab to view the Email, Name, URL, Title, Host, Keywords density, etc. information related to emails


WDE sends queries to search engines to get matching website URLs. Next it visits those matching websites for data extraction. How deep it spiders in the matching websites depends on "Depth" setting of "External Site" tab

FIGURE 10.9: Web Data Extractor Extracted Phone details window

11. Select the Phones tab to view the information related to phone like Phone number, Source, Tag, etc.

FIGURE 10.10: Web Data Extractor Extracted Phone details window

12. Similarly, check for the information under Faxes, Merged list, Urls (638), Inactive sites tabs
13. To save the session, go to File and click Save session

[Screenshot: Web Data Extractor 8.3, File menu showing Edit session, Open session, Save session, Delete session, Delete All sessions, Start session, Stop session, Stop Queuing sites]

Save extracted links directly to disk file, so there is no limit in number of link extraction per session. It supports operation through proxy-server and works very fast, as it is capable of loading several pages simultaneously, and requires very few resources

FIGURE 10.11: Web Data Extractor Extracted Phone details window

14. Specify the session name in the Save session dialog box and click OK

FIGURE 10.12: Web Data Extractor Extracted Phone details window

15. By default, the session will be saved at
D:UsersadminDocumentsWebExtractorData


Lab Analysis
Document all the Meta Tags, Emails, and Phone/Fax.

Tool/Utility: Web Data Extractor
Information Collected/Objectives Achieved:
■ Meta tags Information: URL, Title, Keywords, Description, Host, Domain, Page size, etc.
■ Email Information: Email Address, Name, URL, Title, Host, Keywords density, etc.
■ Phone Information: Phone numbers, Source, Tag, etc.
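The lab gathers meta tags, e-mail addresses and phone numbers with a GUI crawler. As an added example (not part of the lab manual and not Web Data Extractor's own code), the script below audits a page you own for the same three categories using only Python's standard library. The sample HTML, the `audit_page` helper and the 10 to 15 digit phone rule are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# A phone-like run: optional "+", then digits mixed with spaces, dots, dashes or parentheses.
PHONE_RE = re.compile(r"\+?\(?\d[\d ().-]{6,}\d")

# Constructed sample page (not real crawl output).
SAMPLE_HTML = """<html><head>
<title>Example Corp - Contact us</title>
<meta name="description" content="Contact the Example Corp sales team">
<meta name="Keywords" content="example, contact, sales">
<meta name="generator" content="ExampleCMS 1.2">
</head><body>
<!-- maintainer: admin@example.com -->
<p>Sales: <a href="mailto:sales@example.com?subject=Hello">sales@example.com</a></p>
<p>Support phone +1 (555) 010-0199</p>
<p>Fax: 555-010-0142. Page updated 2012-08-07, build 102009.</p>
<script>var bounce = "noreply@example.com";</script>
</body></html>"""


class ExposureParser(HTMLParser):
    """Splits a page into meta tags, visible text, and text a visitor never sees."""

    def __init__(self):
        super().__init__()
        self.meta = {}        # title plus every <meta name=... content=...>
        self.visible = []     # text rendered to a visitor
        self.hidden = []      # comments and script/style bodies
        self.mailto = set()   # addresses found in mailto: links
        self._in_title = False
        self._in_code = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag in ("script", "style"):
            self._in_code = True
        elif tag == "meta" and a.get("name"):
            self.meta[a["name"].lower()] = a.get("content", "")
        elif tag == "a" and a.get("href", "").lower().startswith("mailto:"):
            # Drop the scheme and any ?subject=... query before matching.
            self.mailto.update(EMAIL_RE.findall(a["href"][7:].split("?", 1)[0]))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag in ("script", "style"):
            self._in_code = False

    def handle_data(self, data):
        if self._in_title:
            self.meta["title"] = self.meta.get("title", "") + data
        elif self._in_code:
            self.hidden.append(data)
        else:
            self.visible.append(data)

    def handle_comment(self, data):
        self.hidden.append(data)


def normalize_phone(raw):
    """Return the digits (keeping a leading +), or None if the run is not phone-sized."""
    digits = re.sub(r"\D", "", raw)
    # Assumed rule: 10 to 15 digits. This rejects dates, build numbers and page sizes.
    if not 10 <= len(digits) <= 15:
        return None
    return ("+" if raw.startswith("+") else "") + digits


def audit_page(html):
    """Report what a harvesting crawler would collect from one page."""
    parser = ExposureParser()
    parser.feed(html)
    parser.close()
    visible = "\n".join(parser.visible)
    shown = set(EMAIL_RE.findall(visible))
    # Addresses that only appear in comments, scripts or link targets.
    unseen = (set(EMAIL_RE.findall("\n".join(parser.hidden))) | parser.mailto) - shown
    phones = {normalize_phone(m) for m in PHONE_RE.findall(visible)} - {None}
    meta = {k: v.strip() for k, v in parser.meta.items()}
    return {"meta": meta, "emails": sorted(shown),
            "hidden_emails": sorted(unseen), "phones": sorted(phones)}


if __name__ == "__main__":
    for key, value in audit_page(SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

The `hidden_emails` list is the part most often missed in a manual review: addresses left in comments and scripts are invisible in the browser but are still collected by a crawler.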

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Questions
1. What does Web Data Extractor do?
2. How would you resume an interrupted session in Web Data Extractor?
3. Can you collect all the contact details of an organization?

Internet Connection Required
□ Yes   ☑ No

Platform Supported
☑ Classroom   ☑ iLabs

Identifying Vulnerabilities and Information Disclosures in Search Engines using Search Diggity

SearchDiggity is the primary attack tool of the Google Hacking Diggity Project. It is a MS Windows GUI application that serves as a front-end to the latest versions of Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.
Lab Scenario
An easy way to find vulnerabilities in websites and applications is to Google them, which is a simple method adopted by attackers. Using a Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security.
As an expert ethical hacker, you should use the same method to identify all the vulnerabilities and patch them before an attacker identifies them to exploit vulnerabilities.

Lab Objectives
The objective of this lab is to demonstrate how to identify vulnerabilities and information disclosures in search engines using Search Diggity. Students will learn how to:
■ Extract Meta Tag, Email, Phone/Fax from the web pages

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
To carry out the lab, you need:
■ Search Diggity is located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Google Hacking Tools\SearchDiggity
■ You can also download the latest version of Search Diggity from the link http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 10 Minutes

Overview of Search Diggity
Search Diggity has a predefined query database that runs against the website to scan the related queries.

Google Diggity is the primary Google hacking tool, utilizing the Google JSON/ATOM Custom Search API to identify vulnerabilities and information disclosures via Google searching.
Lab Tasks

Launch Search Diggity

1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 11.1: Windows Server 2012—Desktop view

2. In the Start menu, to launch Search Diggity click the Search Diggity

FIGURE 11.2: Windows Server 2012 — Start menu

3. The Search Diggity main window appears with Google Diggity as the default

Queries — Select Google dorks (search queries) you wish to use in scan by checking appropriate boxes.

FIGURE 11.3: Search Diggity —Main window

4. Select Sites/Domains/IP Ranges and type the domain name in the domain field. Click Add

Download Button — Select (highlight) one or more results in the results pane, then click this button to download the search result files locally to your computer. By default, downloads to D:\DiggityDownloads.

FIGURE 11.4: Search Diggity - Selecting Sites/Domains/IP Ranges

5. The added domain name will be listed in the box below the Domain field

Import Button — Import a text file list of domains/IP ranges to scan. Each query will be run against Google with site:yourdomainname.com appended to it.

FIGURE 11.5: Search Diggity —Domain added

TASK 2: Run Query against a website

6. Now, select a Query from left pane you wish to run against the website that you have added in the list and click Scan

Note: In this lab, we have selected the query SWF Finding Generic. Similarly, you can select other queries to run against the added website

When scanning is kicked off, the selected query is run against the complete website.

FIGURE 11.6: Search Diggity — Selecting query and Scanning

7. The following screenshot shows the scanning process

Results Pane - As scan runs, results found will begin populating in this window pane.

[Screenshot: Search Diggity results pane listing .swf URLs on microsoft.com with Category, Subcategory, Search String, Page Title and URL columns. Output pane: "Simple Scan Started. [8/7/2012 6:53:23 pm]", "Found 70 result(s) for query: ext:swf site:microsoft.com". Google Status: Scanning]

Simple — Simple search text box will allow you to run one simple query at a time, instead of using the Queries checkbox dictionaries.

FIGURE 11.7: Search Diggity — Scanning in progress

All the URLs that contain the SWF extensions will be listed and the output will show the query results

Output — General output describing the progress of the scan and parameters used.

FIGURE 11.8: Search Diggity - Output window

Lab Analysis
Collect the different error messages to determine the vulnerabilities and note the information disclosed about the website.

Tool/Utility: Search Diggity
Information Collected/Objectives Achieved:
■ Many error messages found relating to vulnerabilities
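The scan in this lab runs each selected query with a `site:` term appended, for example `ext:swf site:<domain>`. As an added example (not Search Diggity's code and not part of the lab manual), the script below applies the same two operators to a URL inventory of your own site, so you can see which files such a query would surface before a search engine indexes them. The inventory, the function names and the host-only treatment of `site:` are assumptions for this illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed URL inventory, e.g. exported from your own sitemap or access logs.
INVENTORY = [
    "http://www.example.com/europe/home.swf",
    "http://www.example.com/learning/demo.SWF?lang=en",
    "https://media.example.com/tour/start.swf#intro",
    "http://www.example.com/downloads/swf-guide.html",
    "http://example.com.evil.test/banner.swf",
    "http://notexample.com/intro.swf",
    "http://www.example.com/archive/report.pdf",
]

SUPPORTED = ("ext", "site")  # only the two operators shown in the lab output


def parse_query(query):
    """Split a query such as 'ext:swf site:example.com' into operator/value pairs."""
    terms = {}
    for token in query.split():
        op, sep, value = token.partition(":")
        if not sep or op not in SUPPORTED or not value:
            raise ValueError(f"unsupported term: {token!r}")
        terms[op] = value.lower()
    return terms


def matches(url, terms):
    """Approximate how ext: and site: select a URL (host and file extension only)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if "site" in terms:
        site = terms["site"]
        # Accept the domain itself and its subdomains, not look-alike hosts.
        if host != site and not host.endswith("." + site):
            return False
    if "ext" in terms:
        # Use the path only, so query strings and fragments do not hide the extension.
        ext = posixpath.splitext(parts.path)[1].lstrip(".").lower()
        if ext != terms["ext"]:
            return False
    return True


def exposed(query, inventory):
    """Return the inventory URLs the query would select."""
    terms = parse_query(query)
    return [url for url in inventory if matches(url, terms)]


def scan(queries, domains, inventory):
    """Run every query against every domain with site:<domain> appended."""
    report = {}
    for domain in domains:
        for query in queries:
            full = f"{query} site:{domain}"
            report[full] = exposed(full, inventory)
    return report


if __name__ == "__main__":
    for full, urls in scan(["ext:swf", "ext:pdf"], ["example.com"], INVENTORY).items():
        print(full)
        for url in urls:
            print("   ", url)
```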


PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Questions
Is it possible to export the output result for Google Diggity? If yes, how?

Internet Connection Required
☑ Yes   □ No

Platform Supported
☑ Classroom   □ iLabs

More Related Content

PDF
Footprinting
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
PDF
Reliability analysis for wireless sensor networks
PPT
Localization in wsn
PPTX
WHY SOC Services needed?
PPTX
Whitman_Ch01.pptx
PPTX
Information Security Blueprint
PPTX
Security issues and attacks in wireless sensor networks
Footprinting
Security operations center-SOC Presentation-مرکز عملیات امنیت
Reliability analysis for wireless sensor networks
Localization in wsn
WHY SOC Services needed?
Whitman_Ch01.pptx
Information Security Blueprint
Security issues and attacks in wireless sensor networks

What's hot (20)

PDF
SS7 Vulnerabilities
PPT
Pgp
PDF
Signaling security essentials. Ready, steady, 5G!
PPTX
Security operation center
PPTX
Session Hijacking ppt
PPTX
Wireless Sensor Network
PPT
security in wireless sensor networks
PPTX
Summer internship - Cybersecurity
PPT
Wsn 08
PPTX
Wireless Network Security
PPT
Cryptography and Network Security William Stallings Lawrie Brown
PPTX
Cyber kill chain
PDF
Wireless Networking Security
PPT
Technical seminar on Security
PPTX
Security on Cloud Computing
PPTX
Network traffic analysis with cyber security
PPSX
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
PDF
IMS Presentation
PPT
Attacks in MANET
PDF
Attacks you can't combat: vulnerabilities of most robust MNOs
SS7 Vulnerabilities
Pgp
Signaling security essentials. Ready, steady, 5G!
Security operation center
Session Hijacking ppt
Wireless Sensor Network
security in wireless sensor networks
Summer internship - Cybersecurity
Wsn 08
Wireless Network Security
Cryptography and Network Security William Stallings Lawrie Brown
Cyber kill chain
Wireless Networking Security
Technical seminar on Security
Security on Cloud Computing
Network traffic analysis with cyber security
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
IMS Presentation
Attacks in MANET
Attacks you can't combat: vulnerabilities of most robust MNOs
Ad

Similar to Ceh v8 labs module 02 footprinting and reconnaissance (20)

PDF
Ceh v8 labs module 02 footprinting and reconnaissance
PDF
Ceh v8 labs module 03 scanning networks
PDF
Ceh v8 labs module 04 enumeration
PDF
Ceh v8 labs module 08 sniffers
PDF
Ceh v8 labs module 03 scanning networks
PDF
Ce hv8 module 03 scanning networks
PDF
Ceh v8 labs module 04 enumeration
PDF
Ceh v8 labs module 05 system hacking
PDF
Ceh v8 labs module 10 denial of service
PDF
Ceh v8 labs module 17 evading ids, firewalls and honeypots
PPTX
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
PDF
Ceh v8-course-outline
PDF
Certified ethicalhacking classroom_1382954076
PDF
Introduction to penetration testing
PDF
Ceh v8 labs module 15 hacking wireless networks
PDF
Ceh v8 labs module 13 hacking web applications
PDF
Ethical hacking and countermeasures
PDF
Ceh v8 labs module 08 sniffers
PDF
An overview of network penetration testing
PDF
01_Metasploit - The Elixir of Network Security
Ceh v8 labs module 02 footprinting and reconnaissance
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 08 sniffers
Ceh v8 labs module 03 scanning networks
Ce hv8 module 03 scanning networks
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 05 system hacking
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 17 evading ids, firewalls and honeypots
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
Ceh v8-course-outline
Certified ethicalhacking classroom_1382954076
Introduction to penetration testing
Ceh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 13 hacking web applications
Ethical hacking and countermeasures
Ceh v8 labs module 08 sniffers
An overview of network penetration testing
01_Metasploit - The Elixir of Network Security
Ad

Recently uploaded (20)

PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
PPTX
Benefits of Physical activity for teenagers.pptx
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
PDF
sustainability-14-14877-v2.pddhzftheheeeee
PDF
1 - Historical Antecedents, Social Consideration.pdf
PPTX
Modernising the Digital Integration Hub
PDF
Abstractive summarization using multilingual text-to-text transfer transforme...
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
PPTX
Microsoft Excel 365/2024 Beginner's training
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
PPTX
The various Industrial Revolutions .pptx
PPT
Module 1.ppt Iot fundamentals and Architecture
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
PPTX
Configure Apache Mutual Authentication
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
PDF
Architecture types and enterprise applications.pdf
PDF
STKI Israel Market Study 2025 version august
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
PDF
Getting started with AI Agents and Multi-Agent Systems
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Benefits of Physical activity for teenagers.pptx
Taming the Chaos: How to Turn Unstructured Data into Decisions
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
sustainability-14-14877-v2.pddhzftheheeeee
1 - Historical Antecedents, Social Consideration.pdf
Modernising the Digital Integration Hub
Abstractive summarization using multilingual text-to-text transfer transforme...
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Microsoft Excel 365/2024 Beginner's training
Final SEM Unit 1 for mit wpu at pune .pptx
The various Industrial Revolutions .pptx
Module 1.ppt Iot fundamentals and Architecture
OpenACC and Open Hackathons Monthly Highlights July 2025
Configure Apache Mutual Authentication
Convolutional neural network based encoder-decoder for efficient real-time ob...
Architecture types and enterprise applications.pdf
STKI Israel Market Study 2025 version august
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
Getting started with AI Agents and Multi-Agent Systems

Ceh v8 labs module 02 footprinting and reconnaissance

  • 1. CEH Lab Manual Footprinting a n d R e c o n n a i s s a n c e M o d u l e 02
  • 2. Module 02 - Footprinting and Reconnaissance

     Footprinting a Target Network

     Footprinting refers to uncovering and collecting as much information as possible regarding a target network.

     Lab Scenario

     Penetration testing is much more than just running exploits against vulnerable systems like we learned about in the previous module. In fact, a penetration test begins before penetration testers have even made contact with the victim's systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to a victim system, or at the very least make the victim un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the victim network with no preparation.

     Lab Objectives

     The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
     ■ IP address range associated with the target
     ■ Purpose of the organization and why it exists
     ■ How big is the organization? What class is its assigned IP block?
     ■ Does the organization freely provide information on the type of operating systems employed and network topology in use?
     ■ Type of firewall implemented, either hardware or software or a combination of both
     ■ Does the organization allow wireless devices to connect to wired networks?
     ■ Type of remote access used, either SSH or VPN
     ■ Is help sought on IT positions that give information on network services provided by the organization?

     CEH Lab Manual Page 2. Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
  • 3. ■ Identify the organization's users who can disclose their personal information that can be used for social engineering, and assume such possible usernames

     Sidebar: Tools demonstrated in this lab are available in D:CEHToolsCEHv8 Module 02 Footprinting and Reconnaissance

     Lab Environment

     This lab requires:
     ■ Windows Server 2012 as host machine
     ■ A web browser with an Internet connection
     ■ Administrative privileges to run tools

     Lab Duration

     Time: 50 Minutes

     Overview of Footprinting

     Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy.

     After pre-engagement activities, penetration testers begin gathering information about their targets. Often all the information learned from a client is the list of IP addresses and/or web domains that are in scope. Penetration testers then learn as much about the client and their systems as possible, from searching for employees on social networking sites to scanning the perimeter for live systems and open ports. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. This is similar to what an attacker would do or what an invading army would do when trying to breach the perimeter.

     Then penetration testers move into vulnerability analysis, the first phase where they are actively engaging the target. Some might say some port scanning does complete connections. However, as cybercrime rates rise, large companies, government organizations, and other popular sites are scanned quite frequently. During vulnerability analysis, a penetration tester begins actively probing the victim systems for vulnerabilities and additional information.

     Only once a penetration tester has a full view of the target does exploitation begin. This is where all of the information that has been meticulously gathered comes into play, allowing you to be nearly 100% sure that an exploit will succeed.

     Once a system has been successfully compromised, the penetration test is over, right? Actually, that's not right at all. Post exploitation is arguably the most important part of a penetration test. Once you have breached the perimeter there is a whole new set of information to gather. You may have access to additional systems that are not available from the perimeter.

     The penetration test would be useless to a client without reporting. You should take good notes during the other phases, because during reporting you have to tie everything you found together in a way
  • 4. everyone from the IT department who will be remediating the vulnerabilities to the business executives who will be approving the budget can understand.

     Lab Tasks

     TASK 1: Overview

     Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.

     Recommended labs to assist you in footprinting:
     ■ Basic Network Troubleshooting Using the ping Utility and nslookup Tool
     ■ People Search Using Anywho and Spokeo Online Tool
     ■ Analyzing Domain and IP Address Queries Using SmartWhois
     ■ Network Route Trace Using Path Analyzer Pro
     ■ Tracing Emails Using eMailTrackerPro Tool
     ■ Collecting Information About a Target's Website Using Firebug
     ■ Mirroring Website Using HTTrack Web Site Copier Tool
     ■ Extracting Company's Data Using Web Data Extractor
     ■ Identifying Vulnerabilities and Information Disclosures in Search Engines Using Search Diggity

     Lab Analysis

     Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure through public and free information.

     PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
  • 5. Lab 1: Footprinting a Target Network Using the Ping Utility

     Ping is a computer network administration utility used to test the reachability of a host on an Internet protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.

     Lab Scenario

     As a professional penetration tester, you will need to check for the reachability of a computer in a network. Ping is one of the utilities that will allow you to gather important information like IP address, maximum packet frame size, etc. about the network computer to aid in a successful penetration test.

     Lab Objectives

     This lab provides insight into the ping command and shows how to gather information using the ping command. The lab teaches how to:
     ■ Use ping
     ■ Emulate the tracert (traceroute) command with ping
     ■ Find maximum frame size for the network
     ■ Identify ICMP type and code for echo request and echo reply packets

     Sidebar: Tools demonstrated in this lab are available in D:CEHToolsCEHv8 Module 02 Footprinting and Reconnaissance

     Lab Environment

     To carry out this lab you need:
     ■ Administrative privileges to run tools
     ■ TCP/IP settings correctly configured and an accessible DNS server
     ■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
  • 6. Lab Duration

     Time: 10 Minutes

     Overview of Ping

     The ping command sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP response. During this request-response process, ping measures the time from transmission to reception, known as the round-trip time, and records any loss of packets.

     Sidebar: PING stands for Packet Internet Groper.

     Sidebar: Ping command syntax: ping [-q] [-v] [-R] [-c Count] [-i Wait] [-s PacketSize] Host.

     Sidebar: For the command, ping -c count, specify the number of echo requests to send.

     Lab Tasks

     TASK: Locate IP Address

     1. Find the IP address for http://www.certifiedhacker.com
     2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

     FIGURE 1.1: Windows Server 2012, Desktop view

     3. Click the Command Prompt app to open the command prompt window

     FIGURE 1.2: Windows Server 2012, Apps

     4. Type ping www.certifiedhacker.com in the command prompt, and press Enter to find out its IP address
     5. The displayed response should be similar to the one shown in the following screenshot
  • 7. Sidebar: The ping command, "ping -i wait," means wait time, that is the number of seconds to wait between each ping.

         C:\>ping www.certifiedhacker.com

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
         Request timed out.
         Reply from 202.75.54.101: bytes=32 time=267ms TTL=113
         Reply from 202.75.54.101: bytes=32 time=288ms TTL=113
         Reply from 202.75.54.101: bytes=32 time=525ms TTL=113

         Ping statistics for 202.75.54.101:
             Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
         Approximate round trip times in milli-seconds:
             Minimum = 267ms, Maximum = 525ms, Average = 360ms

     FIGURE 1.3: The ping command to extract the IP address for www.certifiedhacker.com

     6. You receive the IP address of www.certifiedhacker.com, which is 202.75.54.101. You also get information on Ping Statistics, such as packets sent, packets received, packets lost, and approximate round-trip time

     TASK: Finding Maximum Frame Size

     Now, find out the maximum frame size on the network. In the command prompt, type ping www.certifiedhacker.com -f -l 1500

     Sidebar: Request timed out is displayed because either the machine is down or it implements a packet filter/firewall.

         C:\>ping www.certifiedhacker.com -f -l 1500

         Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data:
         Packet needs to be fragmented but DF set.
         Packet needs to be fragmented but DF set.
         Packet needs to be fragmented but DF set.
         Packet needs to be fragmented but DF set.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 4, Received = 0, Lost = 4 (100% loss).

     FIGURE 1.4: The ping command for www.certifiedhacker.com with -f -l 1500 options

     9. The display "Packet needs to be fragmented but DF set" means that the frame is too large to be on the network and needs to be fragmented. Since we used the -f switch with the ping command, the packet was not sent, and the ping command returned this error
     10. Type ping www.certifiedhacker.com -f -l 1300

     Sidebar: In the ping command, option -f means don't fragment.

         C:\>ping www.certifiedhacker.com -f -l 1300

         Pinging www.certifiedhacker.com [202.75.54.101] with 1300 bytes of data:
         Reply from 202.75.54.101: bytes=1300 time=392ms TTL=114
         Reply from 202.75.54.101: bytes=1300 time=362ms TTL=114
         Reply from 202.75.54.101: bytes=1300 time=285ms TTL=114
         Reply from 202.75.54.101: bytes=1300 time=331ms TTL=114

         Ping statistics for 202.75.54.101:
             Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
         Approximate round trip times in milli-seconds:
             Minimum = 285ms, Maximum = 392ms, Average = 342ms

     FIGURE 1.5: The ping command for www.certifiedhacker.com with -f -l 1300 options
  • 8. 11. You can see that the maximum packet size is less than 1500 bytes and more than 1300 bytes

     Sidebar: In the ping command, "ping -q" means quiet output, only summary lines at startup and completion.

     12. Now, try different values until you find the maximum frame size. For instance, ping www.certifiedhacker.com -f -l 1473 replies with Packet needs to be fragmented but DF set and ping www.certifiedhacker.com -f -l 1472 replies with a successful ping. It indicates that 1472 bytes is the maximum frame size on this machine's network

     Note: The maximum frame size will differ depending upon the network

         C:\>ping www.certifiedhacker.com -f -l 1473

         Pinging www.certifiedhacker.com [202.75.54.101] with 1473 bytes of data:
         Packet needs to be fragmented but DF set.
         Packet needs to be fragmented but DF set.
         Packet needs to be fragmented but DF set.
         Packet needs to be fragmented but DF set.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 4, Received = 0, Lost = 4 (100% loss).

     FIGURE 1.6: The ping command for www.certifiedhacker.com with -f -l 1473 options

     Sidebar: The router discards packets when TTL reaches 0 (zero) value.

         C:\>ping www.certifiedhacker.com -f -l 1472

         Pinging www.certifiedhacker.com [202.75.54.101] with 1472 bytes of data:
         Reply from 202.75.54.101: bytes=1472 time=359ms TTL=114
         Reply from 202.75.54.101: bytes=1472 time=320ms TTL=114
         Reply from 202.75.54.101: bytes=1472 time=282ms TTL=114
         Reply from 202.75.54.101: bytes=1472 time=317ms TTL=114

         Ping statistics for 202.75.54.101:
             Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
         Approximate round trip times in milli-seconds:
             Minimum = 282ms, Maximum = 359ms, Average = 319ms

     FIGURE 1.7: The ping command for www.certifiedhacker.com with -f -l 1472 options

     Sidebar: The ping command, "ping -R," means record route. It turns on route recording for the Echo Request packets, and displays the route buffer on returned packets (ignored by many routers).

     13. Now, find out what happens when TTL (Time to Live) expires. Every frame on the network has TTL defined. If TTL reaches 0, the router discards the packet. This mechanism prevents the loss of packets
     14. In the command prompt, type ping www.certifiedhacker.com -i 3. The displayed response should be similar to the one shown in the following figure, but with a different IP address
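Steps 11 and 12 above narrow the payload size by hand; the following added example (not part of the original manual) automates the same search as a binary search over `ping -f -l`. The function names and the simulated probe are assumptions made for this sketch. The 1472-byte result is the ICMP payload; adding the 8-byte ICMP header and the 20-byte IPv4 header gives the 1500-byte path MTU.

```python
import re
import subprocess

IP_HEADER = 20    # bytes, IPv4 header without options
ICMP_HEADER = 8   # bytes, ICMP echo header


def classify(output):
    """Map Windows ping output to 'too_big', 'ttl_expired', 'reply' or 'timeout'."""
    if "needs to be fragmented" in output:
        return "too_big"
    if "TTL expired in transit" in output:
        return "ttl_expired"
    if re.search(r"Reply from [\d.]+: bytes=\d+", output):
        return "reply"
    return "timeout"


def windows_probe(host):
    """Return probe(size) that runs `ping -f -l size -n 1 host` (Windows syntax)."""
    def probe(size):
        done = subprocess.run(["ping", "-f", "-l", str(size), "-n", "1", host],
                              capture_output=True, text=True)
        return done.stdout
    return probe


def simulated_probe(path_mtu):
    """Constructed stand-in for the network: answers as a path with this MTU would."""
    def probe(size):
        probe.sizes.append(size)
        if size + ICMP_HEADER + IP_HEADER > path_mtu:
            return "Packet needs to be fragmented but DF set."
        return f"Reply from 202.75.54.101: bytes={size} time=320ms TTL=114"
    probe.sizes = []
    return probe


def largest_payload(probe, low=1300, high=1500, retries=2):
    """Largest payload in [low, high] that gets through with DF set, or None.

    A timeout says nothing about size (loss or filtering look the same), so it
    is retried and then reported instead of being counted as "too big".
    """
    def passes(size):
        for _ in range(retries + 1):
            kind = classify(probe(size))
            if kind == "reply":
                return True
            if kind == "too_big":
                return False
        raise RuntimeError(f"no usable answer for size {size}: loss or filtering")

    if not passes(low):
        return None
    if passes(high):
        return high
    while high - low > 1:          # invariant: low passes, high does not
        mid = (low + high) // 2
        if passes(mid):
            low = mid
        else:
            high = mid
    return low


if __name__ == "__main__":
    probe = simulated_probe(1500)   # swap in windows_probe("host") on a lab machine
    payload = largest_payload(probe)
    print("largest payload:", payload)
    print("path MTU:", payload + ICMP_HEADER + IP_HEADER)
    print("probes sent:", len(probe.sizes))
```
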
  • 9.     C:\>ping www.certifiedhacker.com -i 3

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
         Reply from 183.82.14.17: TTL expired in transit.
         Reply from 183.82.14.17: TTL expired in transit.
         Reply from 183.82.14.17: TTL expired in transit.
         Reply from 183.82.14.17: TTL expired in transit.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 4, Received = 4, Lost = 0 (0% loss).

     FIGURE 1.8: The ping command for www.certifiedhacker.com with -i 3 options

     15. Reply from 183.82.14.17: TTL expired in transit means that the router (183.82.14.17, students will have some other IP address) discarded the frame, because its TTL has expired (reached 0)

     TASK 3: Emulate Tracert

     16. Emulate the tracert (traceroute) command by using ping manually to find the route from your PC to www.certifiedhacker.com
     17. The results you receive are different from those in this lab. Your results may also be different from those of the person sitting next to you
     18. In the command prompt, type ping www.certifiedhacker.com -i 1 -n 1. (Use -n 1 in order to produce only one answer, instead of receiving four answers on Windows or pinging forever on Linux.) The displayed response should be similar to the one shown in the following figure

         C:\>ping www.certifiedhacker.com -i 1 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da
         Request timed out.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

     Sidebar: In the ping command, the -i option represents time to live (TTL).

     FIGURE 1.9: The ping command for www.certifiedhacker.com with -i 1 -n 1 options

     19. In the command prompt, type ping www.certifiedhacker.com -i 2 -n 1. The only difference between the previous ping command and this one is -i 2. The displayed response should be similar to the one shown in the following figure
  • 10.    C:\>ping www.certifiedhacker.com -i 2 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da
         Request timed out.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

     Sidebar: In the ping command, -t means to ping the specified host until stopped.

     FIGURE 1.10: The ping command for www.certifiedhacker.com with -i 2 -n 1 options

     20. In the command prompt, type ping www.certifiedhacker.com -i 3 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure

         C:\>ping www.certifiedhacker.com -i 3 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da
         Reply from 183.82.14.17: TTL expired in transit.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

     Sidebar: In the ping command, the -v option means verbose output, which lists individual ICMP packets, as well as echo responses.

     FIGURE 1.11: The ping command for www.certifiedhacker.com with -i 3 -n 1 options

     21. In the command prompt, type ping www.certifiedhacker.com -i 4 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure

         D:\>ping www.certifiedhacker.com -i 4 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da
         Reply from 121.240.252.1: TTL expired in transit.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 1, Lost = 0 (0% loss).

     FIGURE 1.12: The ping command for www.certifiedhacker.com with -i 4 -n 1 options

     Sidebar: In the ping command, the -l size option means to send the buffer size.

     22. We have received the answer from the same IP address in two different steps. This one identifies the packet filter; some packet filters do not decrement TTL and are therefore invisible
  • 11. Sidebar: In the ping command, the -w option represents the timeout in milliseconds to wait for each reply.

     23. Repeat the above step until you reach the IP address for www.certifiedhacker.com (in this case, 202.75.54.101)

         C:\>ping www.certifiedhacker.com -i 10 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
         Reply from 120.29.216.21: TTL expired in transit.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

     FIGURE 1.13: The ping command for www.certifiedhacker.com with -i 10 -n 1 options

     24. Here the successful ping to reach www.certifiedhacker.com is 15 hops. The output will be similar to the trace route results

     Sidebar: Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host.

         C:\>ping www.certifiedhacker.com -i 12 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data
         Request timed out.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

         C:\>ping www.certifiedhacker.com -i 13 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data
         Reply from 1.9.244.26: TTL expired in transit.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

         C:\>ping www.certifiedhacker.com -i 14 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data
         Reply from 202.75.52.1: TTL expired in transit.

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

         C:\>ping www.certifiedhacker.com -i 15 -n 1

         Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data
         Reply from 202.75.54.101: bytes=32 time=267ms TTL=114

         Ping statistics for 202.75.54.101:
             Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
         Approximate round trip times in milli-seconds:
             Minimum = 267ms, Maximum = 267ms, Average = 267ms

     FIGURE 1.14: The ping command for www.certifiedhacker.com with -i 15 -n 1 options

     25. Now, make a note of all the IP addresses from which you receive the reply during the ping to emulate tracert

     Lab Analysis

     Document all the IP addresses, reply request IP addresses, and their TTLs.
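Steps 18 to 25 build a route one TTL at a time. The following added example (not part of the original manual) turns the per-TTL responses shown in Figures 1.9 to 1.14 into a tracert-style hop table; the function names are assumptions of this sketch, and the TTL values the figures do not show are left out rather than guessed.

```python
import re

# Responses per TTL as shown in Figures 1.9 to 1.14 of this lab.
# TTLs 5-9 and 11 do not appear in the figures and are left out.
LAB_OUTPUT = {
    1: "Request timed out.",
    2: "Request timed out.",
    3: "Reply from 183.82.14.17: TTL expired in transit.",
    4: "Reply from 121.240.252.1: TTL expired in transit.",
    10: "Reply from 120.29.216.21: TTL expired in transit.",
    12: "Request timed out.",
    13: "Reply from 1.9.244.26: TTL expired in transit.",
    14: "Reply from 202.75.52.1: TTL expired in transit.",
    15: "Reply from 202.75.54.101: bytes=32 time=267ms TTL=114",
}

REPLY = re.compile(
    r"Reply from (?P<addr>\d{1,3}(?:\.\d{1,3}){3}): "
    r"(?P<what>TTL expired in transit|bytes=\d+)"
)


def parse_probe(text):
    """Return (kind, responder) for one ping result.

    'router'      - ICMP Time Exceeded (type 11, code 0) from an intermediate hop
    'destination' - ICMP Echo Reply (type 0, code 0) from the target itself
    'silent'      - nothing came back (loss, rate limiting or filtering)
    """
    match = REPLY.search(text)
    if match is None:
        return ("silent", None)
    kind = "router" if match["what"].startswith("TTL") else "destination"
    return (kind, match["addr"])


def build_route(outputs):
    """Order the probes by TTL and stop at the first echo reply, as tracert does."""
    route = []
    for ttl in sorted(outputs):
        kind, addr = parse_probe(outputs[ttl])
        route.append((ttl, kind, addr))
        if kind == "destination":
            break
    return route


def hops_to_destination(route):
    """TTL at which the target answered, or None if it never did."""
    for ttl, kind, _ in route:
        if kind == "destination":
            return ttl
    return None


def silent_ttls(route):
    """TTLs that produced no answer at all."""
    return [ttl for ttl, kind, _ in route if kind == "silent"]


def repeated_responders(route):
    """Addresses answering at two consecutive TTLs (the case step 22 describes)."""
    answered = [(ttl, addr) for ttl, kind, addr in route if kind == "router"]
    return [(a_ttl, b_ttl, a)
            for (a_ttl, a), (b_ttl, b) in zip(answered, answered[1:])
            if a == b and b_ttl == a_ttl + 1]


def format_route(route):
    """Render the route the way tracert lists hops; '*' marks a silent hop."""
    lines = []
    for ttl, kind, addr in route:
        suffix = "  (destination)" if kind == "destination" else ""
        lines.append(f"{ttl:>3}  {addr or '*'}{suffix}")
    return "\n".join(lines)


if __name__ == "__main__":
    lab_route = build_route(LAB_OUTPUT)
    print(format_route(lab_route))
    print("hops:", hops_to_destination(lab_route))
```
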
  • 12. Tool/Utility: Ping

     Information Collected/Objectives Achieved:
       IP Address: 202.75.54.101
       Packet Statistics:
       ■ Packets Sent: 4
       ■ Packets Received: 3
       ■ Packets Lost: 1
       ■ Approximate Round Trip Time: 360ms
       Maximum Frame Size: 1472
       TTL Response: 15 hops

     PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

     Questions

     1. How does tracert (trace route) find the route that the trace packets are (probably) using?
     2. Is there any other answer ping could give us (except those few we saw before)?
     3. We saw before:
        ■ Request timed out
        ■ Packet needs to be fragmented but DF set
        ■ Reply from XXX.XXX.XXX.XX: TTL expired in transit
        What ICMP type and code are used for the ICMP Echo request?
     4. Why does traceroute give different results on different networks (and sometimes on the same network)?

     Internet Connection Required: ☑ Yes ☐ No
     Platform Supported: ☑ Classroom ☐ iLabs
  • 13. Footprinting a Target Network Using the nslookup Tool

     nslookup is a network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain the domain name, the IP address mapping, or any other specific DNS record.

     Lab Scenario

     In the previous lab, we gathered information such as IP address, Ping Statistics, Maximum Frame Size, and TTL Response using the ping utility. Using the IP address found, an attacker can perform further hacks like port scanning, Netbios, etc. and can also find the country or region in which the IP is located and the domain name associated with the IP address.

     In the next step of reconnaissance, you need to find the DNS records. Suppose in a network there are two domain name system (DNS) servers named A and B, hosting the same Active Directory-Integrated zone. Using the nslookup tool an attacker can obtain the IP address of the domain name, allowing him or her to find the specific IP address of the person he or she is hoping to attack. It is difficult to stop other users from querying the DNS server with the nslookup command, because this program basically simulates how other programs do DNS name resolution. Still, as a penetration tester you should be able to prevent such attacks by going to the zone's properties, on the Zone Transfer tab, and selecting the option not to allow zone transfers. This will prevent an attacker from using the nslookup command to get a list of your zone's records. nslookup can provide you with a wealth of DNS server diagnostic information.

     Lab Objectives

     The objective of this lab is to help students learn how to use the nslookup command. This lab will teach you how to:
     ■ Execute the nslookup command
  • 14. ■ Find the IP address of a machine
     ■ Change the server you want the response from
     ■ Elicit an authoritative answer from the DNS server
     ■ Find name servers for a domain
     ■ Find Cname (Canonical Name) for a domain
     ■ Find mail servers for a domain
     ■ Identify various DNS resource records

     Sidebar: Tools demonstrated in this lab are available in D:CEHToolsCEHv8 Module 02 Footprinting and Reconnaissance

     Lab Environment

     To carry out the lab, you need:
     ■ Administrative privileges to run tools
     ■ TCP/IP settings correctly configured and an accessible DNS server
     ■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
     ■ If the nslookup command doesn't work, restart the command window, and type nslookup for the interactive mode.

     Lab Duration

     Time: 5 Minutes

     Overview of nslookup

     nslookup means name server lookup. To execute queries, nslookup uses the operating system's local Domain Name System (DNS) resolver library. nslookup operates in interactive or non-interactive mode.

     When used interactively by invoking it without arguments, or when the first argument is - (minus sign) and the second argument is a host name or IP address, the user issues parameter configurations or requests when presented with the nslookup prompt (>). When no arguments are given, the command queries the default server. The - (minus sign) invokes subcommands which are specified on the command line and should precede nslookup commands.

     In non-interactive mode, i.e. when the first argument is the name or internet address of the host being searched, parameters and the query are specified as command line arguments in the invocation of the program. The non-interactive mode searches the information for the specified host using the default name server.

     With nslookup you will either receive a non-authoritative or authoritative answer. You receive a non-authoritative answer because, by default, nslookup asks your name server to recurse in order to resolve your query and because your name server is not an authority for the name you are asking it about. You can get an authoritative answer by querying the authoritative name server for the domain you are interested
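The difference between an authoritative and a non-authoritative answer described above is a single bit (AA) in the DNS response header. The following added example (not part of the original manual) builds a recursive query and reads the header flags of two constructed responses; the helper names and the sample responses are assumptions of this sketch.

```python
import struct

# Flag bits in the second 16-bit word of the DNS header (RFC 1035, section 4.1.1)
QR = 0x8000   # message is a response
AA = 0x0400   # responding server is an authority for the name
TC = 0x0200   # message was truncated
RD = 0x0100   # recursion desired (set by the client)
RA = 0x0080   # recursion available (set by a recursive resolver)


def build_query(name, qtype=1, txid=0x1234, recurse=True):
    """Wire-format query for `name`; qtype 1 is A, 5 is CNAME, 15 is MX."""
    header = struct.pack("!HHHHHH", txid, RD if recurse else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(message):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "response": bool(flags & QR),
        "authoritative": bool(flags & AA),
        "truncated": bool(flags & TC),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0x000F,
        "questions": qd,
        "answers": an,
    }


def constructed_response(query, authoritative):
    """Constructed sample reply to `query` carrying one A record (202.75.54.101)."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = QR | (qflags & RD) | (AA if authoritative else RA)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = struct.pack("!HHHIH4s", 0xC00C, 1, 1, 3600, 4, bytes([202, 75, 54, 101]))
    return header + query[12:] + answer


def answer_label(message):
    """The line nslookup would base its 'Non-authoritative answer:' banner on."""
    header = parse_header(message)
    if not header["response"]:
        raise ValueError("not a response")
    if header["rcode"] != 0:
        return f"error (rcode {header['rcode']})"
    if header["authoritative"]:
        return "Authoritative answer"
    return "Non-authoritative answer"


if __name__ == "__main__":
    query = build_query("www.certifiedhacker.com")
    for is_auth in (False, True):
        reply = constructed_response(query, authoritative=is_auth)
        print(answer_label(reply), parse_header(reply))
```
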
  • 15. Lab Tasks

     TASK 1: Extract Information

     1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop

     FIGURE 2.1: Windows Server 2012, Desktop view

     2. Click the Command Prompt app to open the command prompt window

     FIGURE 2.2: Windows Server 2012, Apps

     3. In the command prompt, type nslookup, and press Enter
     4. Now, type help and press Enter. The displayed response should be similar to the one shown in the following figure

     Sidebar: The general command syntax is nslookup [-option] [name | -] [server].
  • 16.    C:\>nslookup
         Default Server:  nsl.beamnet.in
         Address:  202.53.8.8

         > help
         Commands:   (identifiers are shown in uppercase, [] means optional)
         NAME            - print info about the host/domain NAME using default server
         NAME1 NAME2     - as above, but use NAME2 as server
         help or ?       - print info on common commands
         set OPTION      - set an option
             all                 - print options, current server and host
             [no]debug           - print debugging information
             [no]d2              - print exhaustive debugging information
             [no]defname         - append domain name to each query
             [no]recurse         - ask for recursive answer to query
             [no]search          - use domain search list
             [no]vc              - always use a virtual circuit
             domain=NAME         - set default domain name to NAME
             srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
             root=NAME           - set root server to NAME
             retry=X             - set number of retries to X
             timeout=X           - set initial time-out interval to X seconds
             type=X              - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
             querytype=X         - same as type
             class=X             - set query class (ex. IN (Internet), ANY)
             [no]msxfr           - use MS fast zone transfer
             ixfrver=X           - current version to use in IXFR transfer request
         server NAME     - set default server to NAME, using current default server
         lserver NAME    - set default server to NAME, using initial server
         root            - set current default server to the root
         ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
             -a          -  list canonical names and aliases
             -d          -  list all records
             -t TYPE     -  list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
         view FILE       - sort an 'ls' output file and view it with pg
         exit            - exit the program
         >

     Sidebar: Typing "help" or "?" at the command prompt generates a list of available commands.

     FIGURE 2.3: The nslookup command with help option

     5. In the nslookup interactive mode, type "set type=a" and press Enter
     6. Now, type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure

     Note: The DNS server address (202.53.8.8) will be different from the one shown in the screenshot

     FIGURE 2.4: In nslookup command, set type=a option

     TASK: Elicit Authoritative

     7. You get an Authoritative or Non-authoritative answer. The answer varies, but in this lab, it is a Non-authoritative answer
     8. In nslookup interactive mode, type set type=cname and press Enter
     9. Now, type certifiedhacker.com and press Enter

     Note: The DNS server address (8.8.8.8) will be different from the one in the screenshot

     10. The displayed response should be similar to the one shown as follows:

         > set type=cname
  • 17. Module 02 - Footprinting and Reconnaissance

    > certifiedhacker.com
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8

    certifiedhacker.com
            primary name server = ns0.noyearlyfees.com
            responsible mail addr = admin.noyearlyfees.com
            serial  = 35
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

TASK 3: Find Cname

FIGURE 2.5: In nslookup command, set type=cname option

11. In nslookup interactive mode, type server 64.147.99.90 (or any other IP address you receive in the previous step) and press Enter.
12. Now, type set type=a and press Enter.
13. Type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.

Note: In nslookup command, root option means to set the current default server to the root.

FIGURE 2.6: In nslookup command, set type=a option

14. If you receive a request timed out message, as shown in the previous figure, then your firewall is preventing you from sending DNS queries outside your LAN.
  • 18. Module 02 - Footprinting and Reconnaissance

15. In nslookup interactive mode, type set type=mx and press Enter.
16. Now, type certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.

Note: To make query type of NS a default option for your nslookup commands, place one of the following statements in the user_id.NSLOOKUP.ENV data set: set querytype=ns or querytype=ns.

FIGURE 2.7: In nslookup command, set type=mx option

Lab Analysis

Document all the IP addresses, DNS server names, and other DNS information.

Tool/Utility: nslookup
Information Collected/Objectives Achieved:
DNS Server Name: 202.53.8.8
Non-Authoritative Answer: 202.75.54.101
CNAME (Canonical Name of an alias)
■ Alias: certifiedhacker.com
■ Canonical name: google-public-dns-a.google.com
MX (Mail Exchanger): mail.certifiedhacker.com

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Analyze and determine each of the following DNS resource records:
■ SOA
  • 19. Module 02 - Footprinting and Reconnaissance

■ NS
■ A
■ PTR
■ CNAME
■ MX
■ SRV

2. Evaluate the difference between an authoritative and non-authoritative answer.
3. Determine when you will receive request time out in nslookup.

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs
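The authoritative/non-authoritative distinction from step 7 and the record types listed in the questions above are all carried in the DNS response message itself: nslookup prints "Non-authoritative answer" when the AA header bit is clear. The following Python parser is an added example, not part of the lab manual; it runs on constructed messages (domain names, 202.75.54.101 and the SOA values are taken from the lab, while TTLs, the MX preference and the message ID are made up), and all function names are this example's own.

```python
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 33: "SRV"}
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080

def encode_name(name):
    """Encode a dotted name as uncompressed, length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # two-byte compression pointer
            if resume is None:
                resume = off + 2                 # caller continues after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                        # malformed message: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (resume if resume is not None else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def decode_rdata(msg, off, rtype, rdlen):
    """Decode the record data for the record types used in the lab."""
    if rtype == 1 and rdlen == 4:                # A: IPv4 address
        return ".".join(str(b) for b in msg[off:off + 4])
    if rtype in (2, 5, 12):                      # NS, CNAME, PTR: a single name
        return read_name(msg, off)[0]
    if rtype == 15:                              # MX: preference + mail exchanger
        pref = struct.unpack("!H", msg[off:off + 2])[0]
        return f"{pref} {read_name(msg, off + 2)[0]}"
    if rtype == 6:                               # SOA: two names + five 32-bit timers
        mname, p = read_name(msg, off)
        rname, p = read_name(msg, p)
        fields = struct.unpack("!5I", msg[p:p + 20])
        keys = ("serial", "refresh", "retry", "expire", "default_ttl")
        return {"primary": mname, "mail": rname, **dict(zip(keys, fields))}
    return msg[off:off + rdlen].hex()            # anything else: raw hex

def parse_response(msg):
    """Return the AA flag, response code and decoded records of a DNS response."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                          # skip the question section
        _, off = read_name(msg, off)
        off += 4                                 # QTYPE + QCLASS
    records = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            records.append((section, name, TYPE_NAMES.get(rtype, str(rtype)),
                            decode_rdata(msg, off, rtype, rdlen)))
            off += rdlen
    return {"authoritative": bool(flags & FLAG_AA), "rcode": flags & 0xF,
            "records": records}

def answer_label(parsed):
    """The label nslookup would show for this response."""
    return "Authoritative answer" if parsed["authoritative"] else "Non-authoritative answer"

def build_response(qname, qtype, authoritative, answers=(), authority=()):
    """Build a constructed response; it stands in for a captured packet."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_AA if authoritative else 0)
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for name, rtype, ttl, rdata in (*answers, *authority):
        owner = b"\xc0\x0c" if name == qname else encode_name(name)  # pointer to question
        msg += owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

# Constructed samples (TTLs, MX preference and message ID are made up).
# Step 6: type=a query answered from a resolver's cache, so AA is clear.
A_REPLY = build_response("www.certifiedhacker.com", 1, False,
    answers=[("www.certifiedhacker.com", 1, 300, bytes([202, 75, 54, 101]))])
# Step 9: type=cname query for a name without a CNAME. The answer section is
# empty and the zone's SOA comes back in the authority section (Figure 2.5).
SOA_RDATA = (encode_name("ns0.noyearlyfees.com") + encode_name("admin.noyearlyfees.com")
             + struct.pack("!5I", 35, 900, 600, 86400, 3600))
CNAME_REPLY = build_response("certifiedhacker.com", 5, False,
    authority=[("certifiedhacker.com", 6, 3600, SOA_RDATA)])
# Step 16 asked of the zone's own name server: AA is set.
MX_REPLY = build_response("certifiedhacker.com", 15, True,
    answers=[("certifiedhacker.com", 15, 3600,
              struct.pack("!H", 10) + encode_name("mail.certifiedhacker.com"))])

if __name__ == "__main__":
    for sample in (A_REPLY, CNAME_REPLY, MX_REPLY):
        parsed = parse_response(sample)
        print(answer_label(parsed), parsed["records"])
```

The CNAME sample also shows why the canonical-name field of such a query can come back empty: a name that has no CNAME record yields only the zone's SOA in the authority section.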
  • 20. Module 02 - Footprinting and Reconnaissance

People Search Using the AnyWho Online Tool

AnyWho is an online white pages people search directory for quickly looking up individual phone numbers.

Lab Scenario

You have already learned that the first stage in penetration testing is to gather as much information as possible. In the previous lab, you were able to find information related to DNS records using the nslookup tool. If an attacker discovers a flaw in a DNS server, he or she will exploit the flaw to perform a cache poisoning attack, making the server cache the incorrect entries locally and serve them to other users that make the same request. As a penetration tester, you must always be cautious and take preventive measures against attacks targeted at a name server by securely configuring name servers to reduce the attacker's ability to corrupt a zone file with the amplification record.

To begin a penetration test it is also important to gather information about a user location to intrude into the user's organization successfully. In this particular lab, we will learn how to locate a client or user location using the AnyWho online tool.

Lab Objectives

The objective of this lab is to demonstrate the footprinting technique to collect confidential information on an organization, such as their key personnel and their contact details, using people search services. Students need to perform people search and phone number lookup using http://www.anywho.com.

Note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

In the lab, you need:
■ A web browser with an Internet connection
■ Administrative privileges to run tools
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
  • 21. Module 02 - Footprinting and Reconnaissance

Lab Duration

Time: 5 Minutes

Overview of AnyWho

AnyWho is a part of the ATTi family of brands, which mostly focuses on local searches for products and services. The site lists information from the White Pages (Find a Person/Reverse Lookup) and the Yellow Pages (Find a Business).

Lab Tasks

1. Launch the Start menu by hovering the mouse cursor on the lower-left corner of the desktop.

Note: AnyWho allows you to search for local businesses by name to quickly find their Yellow Pages listings with basic details and maps, plus any additional time and money-saving features, such as coupons, video profiles or online reservations.

FIGURE 3.1: Windows Server 2012 - Desktop view

2. Click the Google Chrome app to launch the Chrome browser or launch any other browser.

FIGURE 3.2: Windows Server 2012 - Apps

TASK 1: People Search with AnyWho

3. In the browser, type http://www.anywho.com, and press Enter on the keyboard.
  • 22. Module 02 - Footprinting and Reconnaissance

Note: AnyWho is part of the ATTi family of brands, which focuses on local search products and services.

FIGURE 3.3: AnyWho - Home Page http://www.anywho.com

4. Input the name of the person you want to search for in the Find a Person section and click Find.

Note: Include both the first and last name when searching the AnyWho White Pages.

FIGURE 3.4: AnyWho - Name Search

5. AnyWho redirects you to search results with the name you have entered. The number of results might vary.

Note: Yellow Pages listings (searches by category or name) are obtained from YP.COM and are updated on a regular basis.

FIGURE 3.5: AnyWho People Search Results
  • 23. Module 02 - Footprinting and Reconnaissance

TASK 2: Viewing Person Information

6. Click the search results to see the address details and phone number of that person.

Note: The search results display address, phone number and directions for the location.

FIGURE 3.6: AnyWho - Detail Search Result of Rose A Christian

7. Similarly, perform a reverse search by giving phone number or address in the Reverse Lookup field.

Note: The Reverse Phone Lookup service allows visitors to enter a phone number and immediately look up who it is registered to.

FIGURE 3.7: AnyWho Reverse Lookup Page
  • 24. Module 02 - Footprinting and Reconnaissance

Reverse lookup will redirect you to the search result page with the detailed information of the person for particular phone number or email address.

Note: Unpublished directory records are not displayed. If you want your residential listing removed, you have a couple of options:
■ To have your listing unpublished, contact your local telephone company.
■ To have your listing removed from AnyWho without obtaining an unpublished telephone number, follow the instructions provided in AnyWho Listing Removal to submit your listing for removal.

FIGURE 3.8: AnyWho - Reverse Lookup Search Result

Lab Analysis

Analyze and document all the results discovered in the lab exercise.

Tool/Utility: AnyWho
Information Collected/Objectives Achieved:
White Pages (Find people by name): Exact location of a person with address and phone number
Get Directions: Precise route to the address found for a person
Reverse Lookup (Find people by phone number): Exact location of a person with complete address
  • 25. Module 02 - Footprinting and Reconnaissance

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Can you collect all the contact details of the key people of any organization?
2. Can you remove your residential listing? If yes, how?
3. If you have an unpublished listing, why does your information show up in AnyWho?
4. Can you find a person in AnyWho that you know has been at the same location for a year or less? If yes, how?
5. How can a listing be removed from AnyWho?

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs
  • 26. Module 02 - Footprinting and Reconnaissance

People Search Using the Spokeo Online Tool

Spokeo is an online people search tool providing real-time information about people. This tool helps with online footprinting and allows you to discover details about people.

Lab Scenario

For a penetration tester, it is always advisable to collect all possible information about a client before beginning the test. In the previous lab, we learned about collecting people information using the AnyWho online tool; similarly, there are many tools available that can be used to gather information on people, employees, and organizations to conduct a penetration test. In this lab, you will learn to use the Spokeo online tool to collect confidential information of key persons in an organization.

Lab Objectives

The objective of this lab is to demonstrate the footprinting techniques to collect people information using people search services. Students need to perform a people search using http://www.spokeo.com.

Note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

In the lab, you need:
■ A web browser with an Internet connection
■ Administrative privileges to run tools
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration

Time: 5 Minutes
  • 27. Module 02 - Footprinting and Reconnaissance

Overview of Spokeo

Spokeo aggregates vast quantities of public data and organizes the information into easy-to-follow profiles. Information such as name, email address, phone number, address, and user name can be easily found using this tool.

Lab Tasks

TASK 1: People Search Spokeo

1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop.

FIGURE 4.1: Windows Server 2012 - Desktop view

2. Click the Google Chrome app to launch the Chrome browser.

Note: Spokeo's people search allows you to find old friends, reunite with classmates, teammates and military buddies, or find lost and distant family.

FIGURE 4.2: Windows Server 2012 - Apps

3. Open a web browser, type http://www.spokeo.com, and press Enter on the keyboard.
  • 28. Module 02 - Footprinting and Reconnaissance

Note: Apart from Name search, Spokeo supports four types of searches:
• Email Address
• Phone Number
• Username
• Residential Address

FIGURE 4.3: Spokeo home page http://www.spokeo.com

4. To begin the search, input the name of the person you want to search for in the Name field and click Search.

FIGURE 4.4: Spokeo - Name Search

5. Spokeo redirects you to search results with the name you have entered.

Note: Spokeo's email search scans through 90+ social networks and public sources to find the owner's name, photos, and public profiles.

FIGURE 4.5: Spokeo People Search Results
  • 29. Module 02 - Footprinting and Reconnaissance

FIGURE 4.6: Spokeo People Search Results

Note: Public profiles from social networks are aggregated in Spokeo and many places, including search engines.

FIGURE 4.7: Spokeo People Search Results

8. Search results displaying the Address, Phone Number, Email Address, City and State, etc.

FIGURE 4.8: Spokeo People Search Results
  • 30. Module 02 - Footprinting and Reconnaissance

9. Search results displaying the Location History

Note: All results will be displayed once the search is completed.

FIGURE 4.9: Spokeo People Search Results

10. Spokeo search results display the Family Background, Family Economic Health and Family Lifestyle

FIGURE 4.10: Spokeo People Search Results

Note: Online maps and street view are used by over 300,000 websites, including most online phone books and real estate websites.

11. Spokeo search results display the Neighborhood for the search done

FIGURE 4.11: Spokeo People Search Results
  • 31. Module 02 - Footprinting and Reconnaissance

12. Similarly, perform a Reverse search by giving phone number, address, email address, etc. in the Search field to find details of a key person or an organization.

Note: Spokeo's reverse phone lookup functions like a personal caller-ID system. Spokeo's reverse phone number search aggregates hundreds of millions of phone book records to help locate the owner's name, location, time zone, email and other public information.

FIGURE 4.12: Spokeo Reverse Search Result of Microsoft Redmond Office

Lab Analysis

Analyze and document all the results discovered in the lab exercise.

Tool/Utility: Spokeo
Information Collected/Objectives Achieved:
Profile Details:
■ Current Address
■ Phone Number
■ Email Address
■ Marital Status
■ Education
■ Occupation
Location History: Information about where the person has lived and detailed property information
Family Background: Information about household members for the person you searched
Photos & Social Profiles: Photos, videos, and social network profiles
Neighborhood: Information about the neighborhood
Reverse Lookup: Detailed information for the search done using phone numbers
  • 32. Module 02 - Footprinting and Reconnaissance

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. How do you collect all the contact details of key people using Spokeo?
2. Is it possible to remove your residential listing? If yes, how?
3. How can you perform a reverse search using Spokeo?
4. List the kind of information that a reverse phone search and email search will yield.

Internet Connection Required: ☑ Yes  □ No
Platform Supported: ☑ Classroom  □ iLabs
  • 33. Module 02 - Footprinting and Reconnaissance

Analyzing Domain and IP Address Queries Using SmartWhois

SmartWhois is a network information utility that allows you to look up most available information on a hostname, IP address, or domain.

Lab Scenario

In the previous lab, you learned to determine a person or an organization's location using the Spokeo online tool. Once a penetration tester has obtained the user's location, he or she can gather personal details and confidential information from the user by posing as a neighbor, the cable guy, or through any means of social engineering. In this lab, you will learn to use the SmartWhois tool to look up all of the available information about any IP address, hostname, or domain. Using this information, penetration testers gain access to the network of the particular organization for which they wish to perform a penetration test.

Lab Objectives

The objective of this lab is to help students analyze domain and IP address queries. This lab helps you to get most available information on a hostname, IP address, and domain.

Note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

In the lab you need:
■ A computer running any version of Windows with Internet access
■ Administrator privileges to run SmartWhois
■ The SmartWhois tool, available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\WHOIS Lookup Tools\SmartWhois or downloadable from http://www.tamos.com
■ If you decide to download the latest version, then screenshots shown in the lab might differ
  • 34. Module 02 - Footprinting and Reconnaissance Lab Duration E Q h t t p :/ / w w w . ta m o s .c o ‫.׳‬ T u n e : 5 M in u te s Overview of SmartWhois S m a r tW h o is is n e tw o rk in fo rm a tio n u tilit y th a t a llo w s y o u to lo o k u p m o s t a v a ila b le in fo rm a tio n p ro v in c e , 011 c ity , a hostname, IP address, o r domain, in c lu d in g c o u n try , sta te o r n am e of netw ork th e provider, te c lu iic a l s u p p o rt c o n ta c t in fo rm a tio n , a n d a d m in is tra to r. m S m a r tW h o is c a n b e S m a r tW h o is h e lp s y o u to s e a rc h fo r in fo rm a tio n s u c h as: c o n fig u r e d t o w o r k f r o m ■ T h e o w n e r o l th e d o m a in ■ T h e d o m a in re g is tra tio n d a te a n d th e o w n e r’s c o n ta c t in fo rm a tio n ■ b e h in d a f ir e w a ll b y u s in g T h e o w n e r o f d ie I P a d d re ss b lo c k H T T P / H T T P S p ro x y s e rve rs. D iff e r e n t S O C K S v e r s i o n s a r e a ls o s u p p o r t e d . Lab Tasks N ote: I f y o u a re w o r k in g num ber 13 111 th e lL a b s e n v ir o n m e n t, d ir e c tly ju m p to 1. F o llo w th e w iz a r d - d r iv e n 2. T o la u n c h th e step in s ta lla tio n s te p s a n d in s ta ll S m a r t W h o is . S ta rt m e n u , h o v e r th e m o u s e c u r s o r 111 th e lo w e r- le ft c o r n e r o f th e d e s k to p m S m a r t W h o is c a n save o b t a in e d in f o r m a t io n t o a n a r c h i v e f i le . U s e r s c a n l o a d t h is a r c h iv e th e n e x t t im e t h e p r o g r a m is la u n c h e d F I G U R E 5 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w a n d a d d m o r e in fo r m a t io n t o it . T h i s f e a t u r e a l l o w s 3. T o la u n c h S m artW hois, c lic k Sm artW hois 111 apps y o u t o b u ild a n d m a in t a in y o u r o w n d a ta b a s e o f I P a d d resses a n d h o s t n a m e s. 
FIGURE 5.2: Windows Server 2012 — Apps

TASK 1: Lookup IP

4. The SmartWhois main window appears

Note: If you need to query a non-default whois server or make a special query click View Whois Console from the menu or click the Query button and select Custom Query.

FIGURE 5.3: The SmartWhois main window

5. Type an IP address, hostname, or domain name in the field tab. An example of a domain name query is shown as follows, www.google.com.

FIGURE 5.4: A SmartWhois domain search

6. Now, click the Query tab to find a drop-down list, and then click As Domain to enter domain name in the field.
Note: SmartWhois is capable of caching query results, which reduces the time needed to query an address; if the information is in the cache file it is immediately displayed and no connections to the whois servers are required.

FIGURE 5.5: The SmartWhois — Selecting Query type

7. In the left pane of the window, the result displays, and the right pane displays the results of your query.

Note: SmartWhois can process lists of IP addresses, hostnames, or domain names saved as plain text (ASCII) or Unicode files. The valid format for such batch files is simple: Each line must begin with an IP address, hostname, or domain. If you want to process domain names, they must be located in a separate file from IP addresses and hostnames.

FIGURE 5.6: The SmartWhois — Domain query result

8. Click the Clear icon in the toolbar to clear the history.
FIGURE 5.7: A SmartWhois toolbar

Host Name Query

9. To perform a sample host name query, type www.facebook.com.
10. Click the Query tab, and then select As IP/Hostname and enter a hostname in the field.

FIGURE 5.8: A SmartWhois host name query

11. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query.

Note: If you want to query a domain registration database, enter a domain name and hit the Enter key while holding the Ctrl key, or just select As Domain from the Query dropdown

FIGURE 5.9: A SmartWhois host name query result

Note: If you're saving results as a text file, you can specify the data fields to be saved. For example, you can exclude name servers or billing contacts from the output file. Click Settings → Options → Text & XML to configure the options.

12. Click the Clear icon in the toolbar to clear the history.
13. To perform a sample IP Address query, type the IP address 10.0.0.3 (Windows 8 IP address) in the IP, host or domain field.

FIGURE 5.10: A SmartWhois IP address query

14. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query.
Note: SmartWhois supports command line parameters specifying IP address/hostname/domain, as well as files to be opened/saved.

FIGURE 5.11: The SmartWhois IP query result (result shown: 10.0.0.0 - 10.255.255.255, Internet Assigned Numbers Authority, PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED, Updated: 2004-02-24, Source: whois.arin.net)

Lab Analysis

Document all the IP addresses/hostnames for the lab for further information.

Tool/Utility: SmartWhois
Information Collected/Objectives Achieved:
■ Domain name query results: Owner of the website
■ Host name query results: Geographical location of the hosted website
■ IP address query results: Owner of the IP address block

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Determine whether you can use SmartWhois if you are behind a firewall or a proxy server.
2. Why do you get Connection timed out or Connection failed errors?
3. Is it possible to call SmartWhois directly from my application? If yes, how?
4. What are LOC records, and are they supported by SmartWhois?
5. When running a batch query, you get only a certain percentage of the domains/IP addresses processed. Why are some of the records unavailable?

Internet Connection Required: □ Yes □ No
Platform Supported: ☑ Classroom ☑ iLabs
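What a WHOIS client does for the IP address query in step 13, as an added Python example (not part of the lab manual and not SmartWhois code): the RFC 3912 exchange on TCP port 43, plus a parser that finds which returned block contains the queried address. The sample response is constructed in ARIN's "Key: value" layout after the lab's 10.0.0.3 result; the function names are this example's own, and whois_query needs network access, so the parser runs on the embedded sample.

```python
import ipaddress
import socket

# Constructed sample modelled on the lab's 10.0.0.3 result (not a capture).
SAMPLE_ARIN_RESPONSE = """\
#
# ARIN WHOIS data (constructed sample)
#

NetRange:       10.0.0.0 - 10.255.255.255
CIDR:           10.0.0.0/8
NetName:        PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED
NetType:        IANA Special Use
Organization:   Internet Assigned Numbers Authority (IANA)
Updated:        2004-02-24

OrgName:        Internet Assigned Numbers Authority
Country:        US
"""


def whois_query(query, server="whois.arin.net", port=43, timeout=10.0):
    """RFC 3912: send the query followed by CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Split a response into blank-line separated records of key -> [values]."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith(("#", "%")):  # comments and legal notices
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.setdefault(key.strip(), []).append(value.strip())
    if current:
        records.append(current)
    return records


def block_owner(ip, whois_text):
    """Return the smallest network record whose NetRange contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best, best_size = None, None
    for rec in parse_whois(whois_text):
        if "NetRange" not in rec:
            continue
        first, _, last = rec["NetRange"][0].partition(" - ")
        try:
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        except ValueError:
            continue  # malformed range: skip rather than guess
        if lo.version != addr.version or not (lo <= addr <= hi):
            continue
        size = int(hi) - int(lo)
        if best_size is None or size < best_size:
            best_size = size
            best = {
                "range": (str(lo), str(hi)),
                "netname": rec.get("NetName", [""])[0],
                "organization": rec.get("Organization", rec.get("OrgName", [""]))[0],
                # A private (RFC 1918) address identifies no organization:
                # the "owner" is only the IANA reservation, as in FIGURE 5.11.
                "private": addr.is_private,
            }
    return best


if __name__ == "__main__":
    print(block_owner("10.0.0.3", SAMPLE_ARIN_RESPONSE))
```

When attributing addresses from logs, a result with "private" set to True means the WHOIS answer says nothing about who operates the host.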
Lab

Network Route Trace Using Path Analyzer Pro

Path Analyzer Pro delivers advanced network route tracing with performance tests, DNS, whois, and network resolution to investigate network issues.

Lab Scenario

Using the information (IP address, hostname, domain, etc.) found in the previous lab, access can be gained to an organization's network, which allows a penetration tester to thoroughly learn about the organization's network environment for possible vulnerabilities. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. The same tasks can be performed by an attacker, and the results could prove very damaging for an organization. In such cases, as a penetration tester you should be competent to trace the network route, determine the network path, and troubleshoot network issues. Here you will be guided to trace the network route using the tool Path Analyzer Pro.

Lab Objectives

The objective of this lab is to help students research email addresses, network paths, and IP addresses. This lab helps to determine what ISP, router, or servers are responsible for a network problem.
Lab Environment

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

In the lab you need:
■ Path Analyzer Pro is located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Traceroute Tools\Path Analyzer Pro
■ You can also download the latest version of Path Analyzer Pro from the link http://www.pathanalyzer.com/download.opp
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Install this tool on Windows Server 2012
■ Double-click PAPro27.msi
■ Follow the wizard-driven installation to install it
■ Administrator privileges to run Path Analyzer Pro

Lab Duration

Time: 10 Minutes

Overview of Network Route Trace

Traceroute is a computer network tool for measuring the route path and the transit times of packets across an Internet protocol (IP) network. The traceroute tool is available on almost all Unix-like operating systems. Variants with similar functionality, such as tracepath on modern Linux installations and tracert on Microsoft Windows operating systems, are also available.

Note: Traceroute is a system administrators' utility to trace the route IP packets take from a source system to some destination system.

Lab Tasks

1. Follow the wizard-driven installation steps to install Path Analyzer Pro
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 6.1: Windows Server 2012 — Desktop view

3. To launch Path Analyzer Pro, click Path Analyzer Pro in apps

Note: Path Analyzer Pro summarizes a given trace within seconds by generating a simple report with all the important information on the target—we call this the Synopsis.
FIGURE 6.2: Windows Server 2012 — Apps

4. Click the Evaluate button on Registration Form
5. The main window of Path Analyzer Pro appears as shown in the following screenshot

Note: FIN Packets Only - generates only TCP packets with the FIN flag set in order to solicit an RST or TCP reset packet as a response from the target. This option may get beyond a firewall at the target, thus giving the user more trace data, but it could be misconstrued as a malicious attack.

FIGURE 6.3: The Path Analyzer Pro Main window

6. Select the ICMP protocol in the Standard Options section.

FIGURE 6.4: The Path Analyzer Pro Standard Options

Note: Path Analyzer Pro summarizes all the relevant background information on its target, be it an IP address, a hostname, or an email address.

7. Under Advanced Probe Details, check the Smart option in the Length of packet section and leave the rest of the options in this section at their default settings.

Note: Firewall is required to be disabled for appropriate output
Note: Path Analyzer Pro benefits:
■ Research IP addresses, email addresses, and network paths
■ Pinpoint and troubleshoot network availability and performance issues
■ Determine what ISP, router, or server is responsible for a network problem
■ Locate firewalls and other filters that may be impacting connections
■ Visually analyze a network's path characteristics
■ Graph protocol latency, jitter, and other factors
■ Trace actual applications and ports, not just IP hops
■ Generate, print, and export a variety of impressive reports
■ Perform continuous and timed tests with real-time reporting and history

FIGURE 6.5: The Path Analyzer Pro Advanced Probe Details window (settings shown: Length of packet: Smart, 64; Lifetime: 300 milliseconds; Type-of-Service: Unspecified; Maximum TTL: 30; Initial Sequence Number: Random)

8. In the Advanced Tracing Details section, the options remain at their default settings.
9. Check Stop on control messages (ICMP) in the Advanced Tracing Details section

FIGURE 6.6: The Path Analyzer Pro Advanced Tracing Details window (settings shown: Work-ahead Limit: 5 TTLs; Minimum Scatter: 20 milliseconds; Stop on control messages (ICMP) checked)

10. To perform the trace after checking these options, select the target host, for instance www.google.com, and check the Port: Smart as default (65535).
FIGURE 6.7: A Path Analyzer Pro Advance Tracing Details option

Note: Path Analyzer Pro is not designed to be used as an attack tool.

11. In the drop-down menu, select the duration of time as Timed Trace

FIGURE 6.8: A Path Analyzer Pro Advance Tracing Details option

12. Enter the Type time of trace in the previously mentioned format as HH:MM:SS.
FIGURE 6.9: The Path Analyzer Pro Type time of trace option

TASK 2: Trace Reports

13. While Path Analyzer Pro performs this trace, the Trace tab changes automatically to Stop.

FIGURE 6.10: A Path Analyzer Pro Target Option

14. To see the trace results, click the Report tab to display a linear chart depicting the number of hops between you and the target.

Note: The Advanced Probe Details settings determine how probes are generated to perform the trace. These include the Length of packet, Lifetime, Type of Service, Maximum TTL, and Initial Sequence Number.

FIGURE 6.11: A Path Analyzer Pro Target option (Report tab columns: Hop, IP Address, Hostname, ASN, Network Name, % loss, Min Latency, Latency, Avg Latency, Max Latency, StdDev)

15. Click the Synopsis tab, which displays a one-page summary of your trace results.

Note: Length of packet: This option allows you to set the length of the packet for a trace. The minimum size of a packet, as a general rule, is approximately 64 bytes, depending on the protocol used. The maximum size of a packet depends on the physical network but is generally 1500 bytes for a regular Ethernet network or 9000 bytes using Gigabit Ethernet networking with jumbo frames.

FIGURE 6.12: A Path Analyzer Pro Target option
TASK 3: View Charts

16. Click the Charts tab to view the results of your trace.

Note: Path Analyzer Pro uses Smart as the default Length of packet. When the Smart option is checked, the software automatically selects the minimum size of packets based on the protocol selected under Standard Options.

FIGURE 6.13: The Path Analyzer Pro Chart Window

TASK 4: View Imaginary Map

17. Click Geo, which displays an imaginary world map format of your trace.

FIGURE 6.14: The Path Analyzer Pro chart window
TASK 5: Vital Statistics

18. Now, click the Stats tab, which features the Vital Statistics of your current trace.

Note: Maximum TTL: The maximum Time to Live (TTL) is the maximum number of hops to probe in an attempt to reach the target. The default number of hops is set to 30. The Maximum TTL that can be used is 255.

FIGURE 6.15: The Path Analyzer Pro Statistics window (columns: Source, Target, Protocol, Distance, Avg Latency, Trace Began, Trace Ended, Filters)

19. Now Export the report by clicking Export on the toolbar.

FIGURE 6.16: The Path Analyzer Pro Save Report As window

20. By default, the report will be saved at D:\Program Files (x86)\Path Analyzer Pro 2.7. However, you may change it to your preferred location.

Note: The Initial Sequence Number is set as a counting mechanism within the packet between the source and the target. It is set to Random as the default, but you can choose another starting number by unchecking the Random button and filling in another number. Please Note: The Initial Sequence Number applies only to TCP connections.

FIGURE 6.17: The Path Analyzer Pro Save Report As window
Lab Analysis

Document the IP addresses that are traced for the lab for further information.

Tool/Utility: Path Analyzer Pro
Information Collected/Objectives Achieved:
Report:
■ Number of hops
■ IP address
■ Hostname
■ ASN
■ Network name
■ Latency
Synopsis: Displays summary of valuable information on DNS, Routing, Registries, Intercept
Charts: Trace results in the form of chart
Geo: Geographical view of the path traced
Stats: Statistics of the trace

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. What is the standard deviation measurement, and why is it important?
2. If your trace fails on the first or second hop, what could be the problem?
3. Depending on your TCP tracing options, why can't you get beyond my local network?

Internet Connection Required: ☑ Yes □ No
Platform Supported: ☑ Classroom □ iLabs
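How per-hop figures like those on the Report tab (% loss, Min/Avg/Max Latency, StdDev) follow from raw probe round-trip times, and how to read them when troubleshooting, as an added Python example (not Path Analyzer Pro code). The probe data is constructed; the flag names, the jitter threshold and the use of the population standard deviation are assumptions of this example, since the page does not document the tool's formulas.

```python
import statistics

# Constructed probe data (not tool output): TTL -> one RTT in ms per probe,
# None where a probe drew no reply before its lifetime expired.
SAMPLE_TRACE = {
    1: [None, None, None, None],   # gateway never answers
    2: [1.2, 1.1, 1.3, 1.2],
    3: [8.0, None, 8.4, None],     # 50% loss at this hop only
    4: [9.1, 9.0, 9.3, 9.2],
    5: [20.0, 95.0, 22.0, 140.0],  # latency swings widely from here on
    6: [21.0, 99.0, 23.0, 150.0],  # target
}

JITTER_RATIO = 0.5  # illustrative: StdDev above half the average latency


def hop_stats(rtts):
    """Loss percentage and latency statistics for one hop's probes."""
    if not rtts:
        raise ValueError("a hop needs at least one probe")
    replies = [r for r in rtts if r is not None]
    stats = {"loss": 100.0 * (len(rtts) - len(replies)) / len(rtts),
             "min": None, "avg": None, "max": None, "stdev": None}
    if replies:
        stats.update(min=min(replies), avg=statistics.fmean(replies),
                     max=max(replies), stdev=statistics.pstdev(replies))
    return stats


def analyze(trace, jitter_ratio=JITTER_RATIO):
    """Attach interpretation flags to each hop's statistics.

    silent       - no replies here, but later hops answer: the hop filters or
                   does not send ICMP replies; the path itself works
    blocked      - no replies from this hop to the end of the trace
    rate_limited - partial loss that a later hop does not share: the router is
                   throttling its own replies, forwarding is unaffected
    path_loss    - partial loss shared by every later hop, target included
    jitter       - standard deviation is large relative to average latency
    """
    ttls = sorted(trace)
    report = {ttl: hop_stats(trace[ttl]) for ttl in ttls}
    for i, ttl in enumerate(ttls):
        hop = report[ttl]
        later = [report[t]["loss"] for t in ttls[i + 1:]]
        flags = set()
        if hop["loss"] == 100.0:
            flags.add("silent" if any(l < 100.0 for l in later) else "blocked")
        elif hop["loss"] > 0.0:
            flags.add("rate_limited" if any(l == 0.0 for l in later)
                      else "path_loss")
        if hop["avg"] and hop["stdev"] / hop["avg"] > jitter_ratio:
            flags.add("jitter")
        hop["flags"] = flags
    return report


if __name__ == "__main__":
    for ttl, hop in analyze(SAMPLE_TRACE).items():
        avg = "-" if hop["avg"] is None else f"{hop['avg']:.1f}"
        sd = "-" if hop["stdev"] is None else f"{hop['stdev']:.1f}"
        print(f"{ttl:>2}  loss={hop['loss']:5.1f}%  avg={avg:>6}  "
              f"stdev={sd:>6}  {sorted(hop['flags'])}")
```

In the sample, the first hop where "jitter" appears (TTL 5) is where the unstable link begins; the 50% loss at TTL 3 is not a fault because TTL 4 loses nothing.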
  • 48. Module 02 - Footprinting and Reconnaissance
Tracing an Email Using the eMailTrackerPro Tool
eMailTrackerPro is a tool that analyses email headers to disclose the original sender's location.

Lab Scenario
In the previous lab, you gathered information such as number of hops between a host and client, IP address, etc. As you know, data packets often have to go through routers or firewalls, and a hop occurs each time packets are passed to the next router. The number of hops determines the distance between the source and destination host. An attacker will analyze the hops for the firewall and determine the protection layers to hack into an organization or a client. Attackers will definitely try to hide the true identity and location while intruding into an organization or a client by gaining illegal access to other users' computers to accomplish their tasks. If an attacker uses emails as a means of attack, it is very essential for a penetration tester to be familiar with email headers and their related details to be able to track and prevent such attacks with an organization. In this lab, you will learn to trace email using the eMailTrackerPro tool.

Lab Objectives
The objective of this lab is to demonstrate email tracing using eMailTrackerPro. Students will learn how to:
■ Trace an email to its true geographical source
■ Collect Network (ISP) and domain Whois information for any email traced

Lab Environment
In the lab, you need the eMailTrackerPro tool.
■ eMailTrackerPro is located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Email Tracking Tools\eMailTrackerPro

Note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance
  • 49. Module 02 - Footprinting and Reconnaissance
■ You can also download the latest version of eMailTrackerPro from the link http://www.emailtrackerpro.com/download.html
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Follow the wizard-driven installation steps and install the tool
■ This tool installs Java runtime as a part of the installation
■ Run this tool in Windows Server 2012
■ Administrative privileges are required to run this tool
■ This lab requires a valid email account (Hotmail, Gmail, Yahoo, etc.). We suggest you sign up with any of these services to obtain a new email account for this lab
■ Please do not use your real email accounts and passwords in these exercises

Lab Duration
Time: 10 Minutes

Overview of eMailTrackerPro
Email tracking is a method to monitor or spy on email delivered to the intended recipient:
■ When an email message was received and read
■ If destructive email is sent
■ The GPS location and map of the recipient
■ The time spent reading the email
■ Whether or not the recipient visited any links sent in the email
■ PDFs and other types of attachments
■ If messages are set to expire after a specified time

Note: eMailTrackerPro helps identify the true source of emails to help track suspects, verify the sender of a message, trace and report email abusers.

Lab Tasks
TASK 1: Trace an Email
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop
  • 50. Module 02 - Footprinting and Reconnaissance
FIGURE 7.1: Windows Server 2012 — Desktop view
2. On the Start menu, click eMailTrackerPro to launch the application eMailTrackerPro
Note: eMailTrackerPro Advanced Edition includes an online mail checker which allows you to view all your emails on the server before delivery to your computer.
FIGURE 7.2: Windows Server 2012 — Apps
3. Click OK if the Edition Selection pop-up window appears
4. Now you are ready to start tracing email headers with eMailTrackerPro
5. Click the Trace an email option to start the trace
  • 51. Module 02 - Footprinting and Reconnaissance
Note: This tool also uncovers common SPAM tactics.
FIGURE 7.3: The eMailTrackerPro Main window
6. Clicking Trace an email will direct you to the eMailTrackerPro by Visualware window
7. Select Trace an email I have received. Now, copy the email header from the email you wish to trace and paste it in the Email headers field under Enter Details and click Trace
Note: The filter system in eMailTrackerPro allows you to create custom filters to match your incoming mail.
FIGURE 7.4: The eMailTrackerPro by Visualware Window
  • 52. Module 02 - Footprinting and Reconnaissance
TASK 2: Finding Email Header
Note: In Outlook, find the email header by following these steps:
■ Double-click the email to open it in a new window
■ Click the small arrow in the lower-right corner of the Tags toolbar box to open the Message Options information box
■ Under Internet headers, you will find the Email header, as displayed in the screenshot
FIGURE 7.5: Finding Email Header in Outlook 2010
Note: The abuse report option from the My Trace Reports window automatically launches a browser window with the abuse report included.
8. Clicking the Trace button will direct you to the Trace report window
9. The email location is traced in a GUI world map. The location and IP addresses may vary. You can also view the summary by selecting Email Summary section on the right side of the window
10. The Table section right below the Map shows the entire Hop in the route with the IP and suspected locations for each hop
11. IP address might be different than the one shown in the screenshot
Note: Each email message includes an Internet header with valuable information. eMailTrackerPro analyzes the message header and reports the IP address of the computer where the message originated, its estimated location, the individual or organization the IP address is registered to, the network provider, and additional information as available.
FIGURE 7.6: eMailTrackerPro — Email Trace Report
  • 53. Module 02 - Footprinting and Reconnaissance
TASK 3: Trace Reports
12. You can view the complete trace report on My Trace Reports tab
Note: Tracking an email is useful for identifying the company and network providing service for the address.
FIGURE 7.7: The eMailTrackerPro - My Trace Reports tab

Lab Analysis
Document all the live emails discovered during the lab with all additional information.
Note: eMailTrackerPro can detect abnormalities in the email header and warn you that the email may be spam.

Tool/Utility: eMailTrackerPro
Information Collected/Objectives Achieved:
Map: Location of traced email in GUI map
Table: Hop in the route with IP
Email Summary: Summary of the traced email
■ From & To email address
■ Date
■ Subject
■ Location
Trace Information:
■ Sender IP
■ Subject
■ Location
  • 54. Module 02 - Footprinting and Reconnaissance
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. What is the difference between tracing an email address and tracing an email message?
2. What are email Internet headers?
3. What does "unknown" mean in the route table of the identification report?
4. Does eMailTrackerPro work with email messages that have been forwarded?
5. Evaluate whether an email message can be traced regardless of when it was sent.

Internet Connection Required: ☑ Yes   □ No
Platform Supported: ☑ Classroom   □ iLabs
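What a header trace of this kind involves can be shown in Python. The following is an added example, not part of the lab manual or of eMailTrackerPro: it rebuilds the hop chain from the Received headers and reports the last sending IP that a trusted mail server recorded, since any header older than that point could have been supplied by the sender. The sample message, host names and function names are constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample message (not taken from the lab). Addresses come from the
# RFC 5737 documentation ranges and the host names are example.* placeholders.
SAMPLE = """\
Return-Path: <alice@example.org>
Received: from mx.example.net (mx.example.net [198.51.100.25])
    by inbound.example.com with ESMTPS id c3
    for <bob@example.com>; Wed, 25 Jul 2012 21:14:45 -0700
Received: from relay.example.org (relay.example.org [203.0.113.7])
    by mx.example.net with ESMTP id b2; Wed, 25 Jul 2012 21:14:43 -0700
Received: from workstation (unknown [192.168.1.20])
    by relay.example.org with ESMTPSA id a1; Wed, 25 Jul 2012 21:14:42 -0700
Message-ID: <constructed-1@example.org>
Date: Wed, 25 Jul 2012 21:14:40 -0700
From: Alice <alice@example.org>
To: Bob <bob@example.com>
Subject: constructed sample

Body text.
"""

IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_hops(raw_message):
    """Return the Received chain ordered from the first hop to the last."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())              # undo header folding
        sender = re.match(r"from\s+(\S+)", flat)
        receiver = re.search(r"\bby\s+(\S+)", flat)
        ip = None
        for candidate in IP_LITERAL.findall(flat):
            try:
                ip = str(ipaddress.ip_address(candidate))
                break
            except ValueError:
                continue                            # bracketed text, not an IP
        when = None
        if ";" in flat:                             # the date follows the last ';'
            try:
                when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                when = None
        hops.append({"from": sender.group(1) if sender else None,
                     "by": receiver.group(1) if receiver else None,
                     "ip": ip, "time": when})
    hops.reverse()      # each server prepends its header, so the top one is newest
    return hops


def last_verifiable_sender(hops, trusted_receivers):
    """IP recorded by the outermost mail server the analyst trusts.

    Walk back from the newest hop while the recording ("by") host is trusted.
    Headers older than that boundary may have been supplied by the sender.
    """
    verified = None
    for hop in reversed(hops):
        if hop["by"] not in trusted_receivers:
            break
        verified = hop
    return verified["ip"] if verified else None


def anomalies(hops, max_skew_seconds=300):
    """List (hop index, reason) pairs that deserve a manual look."""
    findings = []
    for i, hop in enumerate(hops):
        if hop["ip"] is None:
            findings.append((i, "no IP literal recorded"))
        prev = hops[i - 1] if i else None
        if prev and prev["time"] and hop["time"]:
            if prev["time"].tzinfo and hop["time"].tzinfo:
                delta = (hop["time"] - prev["time"]).total_seconds()
                if delta < -max_skew_seconds:
                    findings.append((i, "timestamp earlier than previous hop"))
    return findings


if __name__ == "__main__":
    chain = parse_hops(SAMPLE)
    for n, hop in enumerate(chain):
        print(n, hop["from"], hop["ip"], "->", hop["by"], hop["time"])
    print("last verifiable sender:",
          last_verifiable_sender(chain, {"inbound.example.com"}))
    print("anomalies:", anomalies(chain))
```

The set passed as `trusted_receivers` should contain only mail servers under the analyst's own control or a provider they rely on; widening it moves the reported origin further back along the chain.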
  • 55. Module 02 - Footprinting and Reconnaissance
Collecting Information about a Target Website Using Firebug
Firebug integrates with Firefox, providing a lot of development tools allowing you to edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

Lab Scenario
As you all know, email is one of the important tools that has been created. Unfortunately, attackers have misused emails to send spam to communicate in secret and hide themselves behind the spam emails, while attempting to undermine business dealings. In such instances, it becomes necessary for penetration testers to trace an email to find the source of email, especially where a crime has been committed using email. You have already learned in the previous lab how to find the location by tracing an email using eMailTrackerPro to provide such information as city, state, country, etc. from where the email was actually sent.

The majority of penetration testers use the Mozilla Firefox as a web browser for their pentest activities. In this lab, you will learn to use Firebug for a web application penetration test and gather complete information. Firebug can prove to be a useful debugging tool that can help you track rogue JavaScript code on servers.

Lab Objectives
The objective of this lab is to help students learn editing, debugging, and monitoring CSS, HTML, and JavaScript in any websites.

Lab Environment
In the lab, you need:
■ A web browser with an Internet connection
■ Administrative privileges to run tools
■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance
  • 56. Module 02 - Footprinting and Reconnaissance
Lab Duration
Time: 10 Minutes

Overview of Firebug
Firebug is an add-on tool for Mozilla Firefox. Running Firebug displays information such as directory structure, internal URLs, cookies, session IDs, etc.
Note: Firebug includes a lot of features such as debugging, HTML inspecting, profiling, etc., which are very useful for web development.

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
FIGURE 8.1: Windows Server 2012 — Desktop view
2. On the Start menu, click Mozilla Firefox to launch the browser
Note: Firebug features:
• JavaScript debugging
• JavaScript Command Line
• Monitor the JavaScript Performance and XmlHttpRequest
• Logging
• Tracing
• Inspect HTML and Edit HTML
• Edit CSS
FIGURE 8.2: Windows Server 2012 — Apps
3. Type the URL https://getfirebug.com in the Firefox browser and click Install Firebug
  • 57. Module 02 - Footprinting and Reconnaissance
TASK 1: Installing Firebug
FIGURE 8.3: Windows Server 2012 - Apps
4. Clicking Install Firebug will redirect to the Download Firebug page. Click the Download link to install Firebug
Note: Firebug inspects HTML and modifies style and layout in real-time.
FIGURE 8.4: Windows Server 2012 — Apps
5. On the Add-Ons page, click the button Add to Firefox to initiate the Add-On installation
Note: Firebug adds several configuration options to Firefox. Some of these options can be changed through the UI, others can be manipulated only via about:config.
FIGURE 8.5: Windows Server 2012 — Apps
  • 58. Module 02 - Footprinting and Reconnaissance
6. Click the Install Now button in the Software Installation window
Note: panelTabMinWidth describes minimal width in pixels of the Panel tabs inside the Panel Bar when there is not enough horizontal space.
FIGURE 8.6: Windows Server 2012 — Apps
7. Once the Firebug Add-On is installed, it will appear as a grey colored bug on the Navigation Toolbar as highlighted in the following screenshot
Note: showFirstRunPage specifies whether to show the first run page.
FIGURE 8.7: Windows Server 2012 — Apps
8. Click the Firebug icon to view the Firebug pane.
9. Click the Enable link to view the detailed information for Console panel. Perform the same for the Script, Net, and Cookies panels
Note: The console panel offers a JavaScript command line, lists all kinds of messages and offers a profiler for JavaScript commands.
  • 59. Module 02 - Footprinting and Reconnaissance
10. Enabling the Console panel displays all the requests by the page. The one highlighted in the screenshot is the Headers tab
11. In this lab, we have demonstrated http://www.microsoft.com
12. The Headers tab displays the Response Headers and Request Headers by the website
Note: The CSS panel manipulates CSS rules. It offers options for adding, editing and removing CSS styles of the different files of a page containing CSS. It also offers an editing mode, in which you can edit the content of the CSS files directly via a text area.
FIGURE 8.9: Windows Server 2012 — Apps
13. Similarly, the rest of the tabs in the Console panel like Params, Response, HTML, and Cookies hold important information about the website
14. The HTML panel displays information such as source code, internal URLs of the website, etc.
Note: The HTML panel displays the generated HTML/XML of the currently opened page. It differs from the normal source code view, because it also displays all manipulations on the DOM tree. On the right side it shows the CSS styles defined for the currently selected tag, the computed styles for it, layout information and the DOM variables assigned to it in different tabs.
FIGURE 8.10: Windows Server 2012 — Apps
15. The Net panel shows the Request start and Request phases start and elapsed time relative to the Request start by hovering the mouse cursor on the Timeline graph for a request
  • 60. Module 02 - Footprinting and Reconnaissance
Note: Net Panel's purpose is to monitor HTTP traffic initiated by a web page and present all collected and computed information to the user. Its content is composed of a list of entries where each entry represents one request/response round trip made by the page.
FIGURE 8.11: Windows Server 2012 — Apps
16. Expand a request in the Net panel to get detailed information on Params, Headers, Response, Cached, and Cookies. The screenshot that follows shows the Cache information
Note: Script panel debugs JavaScript code. Therefore the script panel integrates a powerful debugging tool based on features like different kinds of breakpoints, step-by-step execution of scripts, a display for the variable stack, watch expressions and more.
FIGURE 8.12: Windows Server 2012 — Apps
17. Expand a request in the Cookies panel to get information on a cookie Value, Raw data, JSON, etc.
Note: Export cookies for this site - exports all cookies of the current website as text file. Therefore the Save as dialog is opened allowing you to select the path and choose a name for the exported file.
FIGURE 8.13: Windows Server 2012 — Apps
  • 61. Module 02 - Footprinting and Reconnaissance
Note: You can find information related to the CSS, Script, and DOM panel on the respective tabs.

Lab Analysis
Collect information such as internal URLs, cookie details, directory structure, session IDs, etc. for different websites using Firebug.

Tool/Utility: Firebug
Information Collected/Objectives Achieved:
Server on which the website is hosted: Microsoft-IIS/7.5
Development Framework: ASP.NET
HTML Source Code using JavaScript, jQuery, Ajax
Other Website Information:
■ Internal URLs
■ Cookie details
■ Directory structure
■ Session IDs

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Determine the Firebug error message that indicates a problem.
2. After editing pages within Firebug, how can you output all the changes that you have made to a site's CSS?
3. In the Firebug DOM panel, what do the different colors of the variables mean?
4. What does the different color line indicate in the Timeline request in the Net panel?

Internet Connection Required: ☑ Yes   □ No
Platform Supported: ☑ Classroom   □ iLabs
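The response headers and cookie attributes collected from the Headers tab and Cookies panel in this lab can also be reviewed from the site owner's side. The following Python code is an added example, not part of the lab manual or of Firebug: it takes response headers copied from a header view and lists the ones that disclose the server platform and the cookies set without Secure, HttpOnly or SameSite. The header block is constructed (the Server and framework values mirror the Lab Analysis table), and the function names and severity labels are hypothetical.

```python
import re

# Constructed response headers, laid out as they appear when copied from a
# browser's header view. Server and framework values mirror the Lab Analysis
# table; cookie names and values are placeholders.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=constructed0001; path=/; HttpOnly
Set-Cookie: prefs=lang%3Den; expires=Fri, 25 Jul 2014 21:14:42 GMT; path=/
Set-Cookie: auth=constructedtoken; path=/; Secure; HttpOnly; SameSite=Lax
"""

PLATFORM_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                    "x-aspnetmvc-version"}
VERSION = re.compile(r"\d+(?:\.\d+)+")
COOKIE_FLAGS = ("secure", "httponly", "samesite")
SESSION_HINT = re.compile(r"sess|auth|token", re.IGNORECASE)


def parse_headers(text):
    """Return (name, value) pairs, keeping repeated headers such as Set-Cookie."""
    pairs = []
    for line in text.splitlines():
        if line.upper().startswith("HTTP/") or ":" not in line:
            continue                       # status line or blank line
        name, value = line.split(":", 1)
        pairs.append((name.strip(), value.strip()))
    return pairs


def platform_disclosure(pairs):
    """Headers naming the server stack; exact_version marks a version leak."""
    return [{"header": name, "value": value,
             "exact_version": bool(VERSION.search(value))}
            for name, value in pairs if name.lower() in PLATFORM_HEADERS]


def cookie_gaps(pairs):
    """Map each cookie name to the protective attributes it was set without."""
    gaps = {}
    for name, value in pairs:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        gaps[cookie_name] = [f for f in COOKIE_FLAGS if f not in attrs]
    return gaps


def report(text):
    """Sorted findings; session-like cookies without Secure/HttpOnly rank high."""
    pairs = parse_headers(text)
    findings = []
    for item in platform_disclosure(pairs):
        level = "medium" if item["exact_version"] else "low"
        findings.append((level, f'{item["header"]}: {item["value"]}'))
    for cookie, missing in cookie_gaps(pairs).items():
        if not missing:
            continue
        sensitive = SESSION_HINT.search(cookie) and (
            "secure" in missing or "httponly" in missing)
        findings.append(("high" if sensitive else "low",
                         f"cookie {cookie} lacks {', '.join(missing)}"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for level, detail in report(SAMPLE_RESPONSE):
        print(f"{level:6} {detail}")
```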
  • 62. Module 02 - Footprinting and Reconnaissance
Mirroring Websites Using the HTTrack Web Site Copier Tool
HTTrack Web Site Copier is an Offline browser utility that allows you to download a World Wide Web site through the Internet to your local directory.

Lab Scenario
Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.

You have learned in the previous lab to extract information from a web application using Firebug. As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted. An attacker can also use Firebug to see what JavaScript was downloaded and evaluated. Attackers can modify a request before it's sent to the server using Tamper data. If they discover any SQL or cookie vulnerabilities, attackers can perform a SQL injection attack and can tamper with cookie details of a request before it's sent to the server. Attackers can use such vulnerabilities to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes. Therefore, as a penetration tester, you should have an updated antivirus protection program to attain Internet security.

In this lab, you will learn to mirror a website using the HTTrack Web Site Copier Tool and as a penetration tester you can prevent D-DoS attack.

Lab Objectives
The objective of this lab is to help students learn how to mirror websites.

Lab Environment
To carry out the lab, you need:
  • 63. Module 02 - Footprinting and Reconnaissance
    Margin note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

    ■ Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Website Mirroring Tools\HTTrack Website Copier
    ■ You can also download the latest version of HTTrack Web Site Copier from the link http://www.httrack.com/page/2/en/index.html
    ■ If you decide to download the latest version, then screenshots shown in the lab might differ
    ■ Follow the wizard-driven installation process
    ■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
    ■ To run this tool Administrative privileges are required

    Lab Duration
    Time: 10 Minutes

    Overview of Web Site Mirroring
    Web mirroring allows you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer.

    Margin note: WinHTTrack arranges the original site's relative link-structure.

    Lab Tasks
    1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

    FIGURE 9.1: Windows Server 2012 — Desktop view

    2. In the Start metro apps, click WinHTTrack to launch the application WinHTTrack

    Margin note: WinHTTrack works as a command-line program or through a shell for both private (capture) and professional (on-line web mirror) use.
  • 64. Module 02 - Footprinting and Reconnaissance
    FIGURE 9.2: Windows Server 2012 — Apps

    TASK 1: Mirroring a Website

    3. In the WinHTTrack main window, click Next to create a New Project

    Margin note: Quickly updates downloaded sites and resumes interrupted downloads (due to connection break, crash, etc.)

    FIGURE 9.3: HTTrack Website Copier Main Window

    4. Enter the project name in the Project name field. Select the Base path to store the copied files. Click Next
  • 65. Module 02 - Footprinting and Reconnaissance
    Margin note: Wizard to specify which links must be loaded (accept/refuse: link, all domain, all directory)

    FIGURE 9.4: HTTrack Website Copier selecting a New Project

    5. Enter www.certifiedhacker.com under Web Addresses: (URL) and then click the Set options button

    Margin note: Timeout and minimum transfer rate manager to abandon slowest sites

    FIGURE 9.5: HTTrack Website Copier Select a project a name to organize your download

    Margin note: Downloading a site can overload it, if you have a fast pipe, or if you capture too many simultaneous cgi (dynamically generated pages)

    6. Clicking the Set options button will launch the WinHTTrack window
    7. Click the Scan Rules tab and select the check boxes for the file types as shown in the following screenshot and click OK
  • 66. Module 02 - Footprinting and Reconnaissance
    Margin note: File names with original structure kept or splitted mode (one html folder, and one image folder), dos 8-3 filenames option and user-defined structure

    FIGURE 9.6: HTTrack Website Copier Select a project a name to organize your download

    8. Then, click Next

    Margin note: HTML parsing and tag analysis, including javascript code/embedded HTML code

    FIGURE 9.7: HTTrack Website Copier Select a project a name to organize your download

    9. By default, the radio button will be selected for Please adjust connection parameters if necessary, then press FINISH to launch the mirroring operation

    Margin note: Proxy support to maximize speed, with optional authentication

    10. Click Finish to start mirroring the website
  • 67. Module 02 - Footprinting and Reconnaissance
    Margin note: The tool has integrated DNS cache and native https and ipv6 support

    FIGURE 9.8: HTTrack Website Copier Type or drop and drag one or several Web addresses

    Margin note: HTTrack can also update an existing mirrored site and resume interrupted downloads. HTTrack is fully configurable by options and by filters

    11. Site mirroring progress will be displayed as in the following screenshot

    FIGURE 9.9: HTTrack Website Copier displaying site mirroring progress

    Margin note: Filter by file type, link location, structure depth, file size, site size, accepted or refused sites or filename (with advanced wild cards).

    12. WinHTTrack shows the message Mirroring operation complete once the site mirroring is completed. Click Browse Mirrored Website
  • 68. Module 02 - Footprinting and Reconnaissance
    Margin note: Optional log file with error-log and comments-log.

    FIGURE 9.10: HTTrack Website Copier displaying site mirroring progress

    13. Clicking the Browse Mirrored Website button will launch the mirrored website for www.certifiedhacker.com. The URL indicates that the site is located on the local machine

    Note: If the web page does not open for some reason, navigate to the directory where you have mirrored the website and open index.html with any web browser

    Margin note: Use bandwidth limits, connection limits, size limits and time limits

    FIGURE 9.11: HTTrack Website Copier Mirrored Website Image

    14. A few websites are very large and will take a long time to mirror the complete site

    Margin note: Do not download too large websites: use filters; try not to download during working hours

    15. If you wish to stop the mirroring process prematurely, click Cancel in the Site mirroring progress window
    16. The site will work like a live hosted website.
  • 69. Module 02 - Footprinting and Reconnaissance
    Lab Analysis
    Document the mirrored website directories, getting HTML, images, and other files.

    Tool/Utility: HTTrack Web Site Copier
    Information Collected/Objectives Achieved:
    ■ Offline copy of the website www.certifiedhacker.com is created

    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

    Questions
    5. How do you retrieve the files that are outside the domain while mirroring a website?
    6. How do you download ftp files/sites?
    7. Can HTTrack perform form-based authentication?
    8. Can HTTrack execute HP-UX or ISO 9660 compatible files?
    9. How do you grab an email address in web pages?

    Internet Connection Required: □ Yes ☑ No
    Platform Supported: ☑ Classroom ☑ iLabs
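Seen from the web server's side, a mirroring run like the one in this lab leaves a recognisable trail in the access log. The following is an added example, not part of the lab manual and not HTTrack code: it flags clients by a Browser ID containing "HTTrack" and by many distinct paths fetched within a short window. The log lines, thresholds, function names and the assumption that the client still sends an "HTTrack" Browser ID are all constructed for illustration; the rate check covers a client that changed it on the Browser ID tab.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse(line):
    """Return (ip, timestamp, path, user_agent), or None if the line does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, m["path"], m["ua"]


def find_mirroring(lines, window_s=60, min_paths=8, ua_marker="httrack"):
    """Map client IP -> sorted reasons why its requests look like a site-mirroring run.

    "user-agent": the Browser ID contains ua_marker (assumed marker, easy to change).
    "crawl-rate": at least min_paths distinct paths requested within window_s seconds.
    """
    recent = defaultdict(deque)   # ip -> (timestamp, path) pairs still inside the window
    flagged = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines instead of failing the whole scan
        ip, ts, path, ua = rec
        if ua_marker in ua.lower():
            flagged[ip].add("user-agent")
        window = recent[ip]
        window.append((ts, path))
        # Drop requests that have fallen out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()
        if len({p for _, p in window}) >= min_paths:
            flagged[ip].add("crawl-rate")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}


def _line(ip, hms, path, ua):
    """Build one constructed access-log line."""
    return f'{ip} - - [22/Oct/2012:{hms} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


BROWSER = "Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0"
MIRROR_UA = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"  # constructed sample value

# Constructed sample log (documentation IP ranges), three clients:
SAMPLE_LOG = (
    # 1) few requests, but the Browser ID names the mirroring tool
    [_line("198.51.100.7", f"10:00:0{i}", p, MIRROR_UA)
     for i, p in enumerate(["/robots.txt", "/", "/index.html"])]
    # 2) browser-like Browser ID, ten distinct pages in ten seconds
    + [_line("203.0.113.20", f"10:05:{i:02d}", f"/docs/page{i}.html", BROWSER)
       for i in range(10)]
    # 3) ordinary visitor: four requests spread over nine minutes
    + [_line("192.0.2.33", f"10:{10 + 3 * i}:00", p, BROWSER)
       for i, p in enumerate(["/", "/contact.html", "/", "/about.html"])]
)

if __name__ == "__main__":
    for ip, reasons in find_mirroring(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

Tune `window_s` and `min_paths` against your own traffic before alerting on them; search-engine crawlers will trip the rate check as well.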
  • 70. Module 02 - Footprinting and Reconnaissance
    Extracting a Company's Data Using Web Data Extractor
    Web Data Extractor is used to extract targeted company(s) contact details or data such as emails, fax, phone through web for responsible b2b communication.

    Lab Scenario
    Attackers continuously look for the easiest method to collect information. There are many tools available with which attackers can extract a company's database. Once they have access to the database, they can gather employees' email addresses and phone numbers, the company's internal URLs, etc. With the information gathered, they can send spam emails to the employees to fill their mailboxes, hack into the company's website, and modify the internal URLs. They may also install malicious viruses to make the database inoperable.

    As an expert penetration tester, you should be able to think from an attacker's perspective and try all possible ways to gather information on organizations. You should be able to collect all the confidential information of an organization and implement security features to prevent company data leakage. In this lab, you will learn to use Web Data Extractor to extract a company's data.

    Lab Objectives
    The objective of this lab is to demonstrate how to extract a company's data using Web Data Extractor. Students will learn how to:
    ■ Extract Meta Tag, Email, Phone/Fax from the web pages
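The data types named in these objectives (meta tags, e-mail addresses, phone and fax numbers) can be listed for pages you host yourself, which shows what a data-leakage review has to account for. This is an added example, not part of the lab manual and not Web Data Extractor's code; the sample pages, addresses, numbers and function names are constructed, and the phone pattern is a heuristic assumption.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Heuristic: optional '+', then digits mixed with common separators (dates can false-positive).
PHONE_RE = re.compile(r"\+?\(?\d[\d ().-]{5,}\d")
# Trivial obfuscations such as "name [at] host [dot] tld" do not hide an address.
AT_RE = re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.I)
DOT_RE = re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.I)


class _Page(HTMLParser):
    """Collects <title>, description/keywords meta tags, mailto: links and visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.meta, self.mailto, self.text = {}, set(), []
        self._skip = 0            # depth inside <script>/<style>, whose text is not visible
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("name", "").lower() in ("description", "keywords"):
            self.meta[a["name"].lower()] = a.get("content", "").strip()
        elif tag == "a" and a.get("href", "").lower().startswith("mailto:"):
            addr = a["href"][7:].split("?", 1)[0].strip().lower()
            if addr:
                self.mailto.add(addr)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.meta["title"] = (self.meta.get("title", "") + data).strip()
        elif not self._skip:
            self.text.append(data)


def audit_page(html):
    """Return the meta tags, e-mail addresses, phone and fax numbers one page exposes."""
    page = _Page()
    page.feed(html)
    page.close()
    text = " ".join(" ".join(page.text).split())          # collapse whitespace
    plain = DOT_RE.sub(".", AT_RE.sub("@", text))          # undo [at]/[dot] obfuscation
    emails = page.mailto | {m.lower() for m in EMAIL_RE.findall(plain)}
    phones, faxes = set(), set()
    for m in PHONE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not 7 <= len(digits) <= 15:                     # 15 digits is the E.164 maximum
            continue
        label = text[max(0, m.start() - 12):m.start()].lower()
        (faxes if "fax" in label else phones).add(digits)
    return {"meta": page.meta, "emails": emails, "phones": phones, "faxes": faxes}


def audit_site(pages):
    """pages: {url: html}. De-duplicate findings and record which URLs expose each one."""
    report = {"meta": {}, "emails": {}, "phones": {}, "faxes": {}}
    for url in sorted(pages):
        found = audit_page(pages[url])
        report["meta"][url] = found["meta"]
        for kind in ("emails", "phones", "faxes"):
            for value in sorted(found[kind]):
                report[kind].setdefault(value, []).append(url)
    return report


# Constructed sample pages (example.com and 555-01xx numbers are reserved for documentation).
SAMPLE_PAGES = {
    "https://www.example.com/contact.html": """<html><head><title>Contact us</title>
<meta name="Keywords" content="contact, support">
<meta name="description" content="How to reach the constructed Example Corp">
<style>.x{margin:0}</style></head>
<body><p>Sales: <a href="mailto:sales@example.com?subject=Hi">mail us</a></p>
<p>Support: support [at] example [dot] com</p>
<p>Tel: +1 (202) 555-0143 Fax: +1 202-555-0199</p>
<script>var build = "2012102214";</script></body></html>""",
    "https://www.example.com/about.html": """<html><head><title>About</title></head>
<body><p>Write to sales@example.com or call +1 202 555 0143.</p></body></html>""",
}

if __name__ == "__main__":
    for kind, items in audit_site(SAMPLE_PAGES).items():
        print(kind, items)
```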
  • 71. Module 02 - Footprinting and Reconnaissance
    Margin note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

    Lab Environment
    To carry out the lab you need:
    ■ Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Additional Footprinting Tools\Web Data Extractor
    ■ You can also download the latest version of Web Data Extractor from the link http://www.webextractor.com/download.htm
    ■ If you decide to download the latest version, then screenshots shown in the lab might differ
    ■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

    Margin note: WDE send queries to search engines to get matching website URLs

    Lab Duration
    Time: 10 Minutes

    Overview of Web Data Extracting
    Web data extraction is a type of information retrieval that can extract automatically unstructured or semi-structured web data sources in a structured manner.

    Margin note: WDE will query 18+ popular search engines, extract all matching URLs from search results, remove duplicate URLs and finally visits those websites and extract data from there

    Lab Tasks
    1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

    FIGURE 10.1: Windows 8 — Desktop view

    TASK 1: Extracting a Website

    2. In the Start menu, click Web Data Extractor to launch the application Web Data Extractor
  • 72. Module 02 - Footprinting and Reconnaissance
    Margin note: WDE - Phone, Fax Harvester module is designed to spider the web for fresh Tel, FAX numbers targeted to the group that you want to market your product or services to

    FIGURE 10.2: Windows 8 — Apps

    3. Web Data Extractor's main window appears. Click New to start a new session

    Margin note: It has various limiters of scanning range - url filter, page text filter, domain filter - using which you can extract only the links or data you actually need from web pages, instead of extracting all the links present there, as a result, you create your own custom and targeted data base of urls/links collection

    FIGURE 10.3: The Web Data Extractor main window

    4. Clicking New opens the Session settings window.
    5. Type a URL (www.certifiedhacker.com) in the Starting URL field. Select the check boxes for all the options as shown in the screenshot and click OK

    Margin note: Web Data Extractor automatically get lists of meta-tags, e-mails, phone and fax numbers, etc. and store them in different formats for future use
  • 73. Module 02 - Footprinting and Reconnaissance
    Margin note: Fixed "Stay with full url" and "Follow offsite links" options which failed for some sites before

    FIGURE 10.4: Web Data Extractor the Session setting window

    6. Click Start to initiate the data extraction

    Margin note: It supports operation through proxy-server and works very fast, as it is able of loading several pages simultaneously, and requires very few resources. Powerful, highly targeted email spider harvester

    FIGURE 10.5: Web Data Extractor initiating the data extraction windows

    7. Web Data Extractor will start collecting the information (emails, phones, faxes, etc.). Once the data extraction process is completed, an Information dialog box appears. Click OK
  • 74. Module 02 - Footprinting and Reconnaissance
    Margin note: Meta Tag Extractor module is designed to extract URL, meta tag (title, description, keyword) from web-pages, search results, open web directories, list of urls from local file

    FIGURE 10.6: Web Data Extractor Data Extraction windows

    8. The extracted information can be viewed by clicking the tabs

    FIGURE 10.7: Web Data Extractor Data Extraction windows

    9. Select the Meta tags tab to view the URL, Title, Keywords, Description, Host, Domain, and Page size information

    Margin note: If you want WDE to stay within first page, just select "Process First Page Only". A setting of "0" will process and look for data in whole website. A setting of "1" will process index or home page with associated files under root dir only.

    FIGURE 10.8: Web Data Extractor Extracted emails windows

    10. Select Emails tab to view the Email, Name, URL, Title, Host, Keywords density, etc. information related to emails
  • 75. Module 02 - Footprinting and Reconnaissance
    Margin note: WDE send queries to search engines to get matching website URLs. Next it visits those matching websites for data extraction. How many deep it spiders in the matching websites depends on "Depth" setting of "External Site" tab

    FIGURE 10.9: Web Data Extractor Extracted Phone details window

    11. Select the Phones tab to view the information related to phone like Phone number, Source, Tag, etc.

    FIGURE 10.10: Web Data Extractor Extracted Phone details window

    12. Similarly, check for the information under Faxes, Merged list, Urls (638), Inactive sites tabs
    13. To save the session, go to File and click Save session
  • 76. Module 02 - Footprinting and Reconnaissance
    Sidebar: Save extracted links directly to disk file, so there is no limit in number of link extraction per session. It supports operation through proxy-server and works very fast, as it is able to load several pages simultaneously, and requires very few resources.
    FIGURE 10.11: Web Data Extractor Extracted Phone details window
    14. Specify the session name in the Save session dialog box and click OK
    FIGURE 10.12: Web Data Extractor Extracted Phone details window
    15. By default, the session will be saved at D:\Users\admin\Documents\WebExtractor\Data
  • 77. Module 02 - Footprinting and Reconnaissance
    Lab Analysis
    Document all the Meta Tags, Emails, and Phone/Fax.
    Tool/Utility: Web Data Extractor
    Information Collected/Objectives Achieved:
    ■ Meta tags Information: URL, Title, Keywords, Description, Host, Domain, Page size, etc.
    ■ Email Information: Email Address, Name, URL, Title, Host, Keywords density, etc.
    ■ Phone Information: Phone numbers, Source, Tag, etc.
    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
    Questions
    1. What does Web Data Extractor do?
    2. How would you resume an interrupted session in Web Data Extractor?
    3. Can you collect all the contact details of an organization?
    Internet Connection Required: ☐ Yes ☑ No
    Platform Supported: ☑ Classroom ☑ iLabs
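The categories recorded in the Lab Analysis above (meta tags, e-mail addresses, phone and fax numbers) can be checked on pages you publish yourself before a crawler collects them. The following is an added example, not part of the lab manual and not Web Data Extractor's own logic; the sample page, the regular expressions and the names `ExposureParser` and `audit_page` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """<html><head>
<title>Example Corp - Contact</title>
<meta name="keywords" content="booking, hotels, contact">
<meta name="generator" content="ExampleCMS 1.2">
</head><body>
<p>Sales: <a href="mailto:sales@example.com?subject=Hi">sales@example.com</a></p>
<p>Support: support@example.com, phone +1 (555) 010-0199</p>
<p>Fax: 555-010-0142. Updated 2012-08-07.</p>
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")  # digits with separators
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")        # ISO dates look phone-like

class ExposureParser(HTMLParser):
    """Collects the title, named meta tags, visible text and mailto: links."""
    def __init__(self):
        super().__init__()
        self.title, self.meta, self.text, self.mailto = "", {}, [], set()
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]
        elif tag == "a" and (a.get("href") or "").lower().startswith("mailto:"):
            # Keep the address only, dropping any ?subject=... suffix.
            self.mailto.add(a["href"][7:].split("?")[0])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        else:
            self.text.append(data)

def audit_page(html):
    """Return the contact data and meta tags one page exposes to a crawler."""
    p = ExposureParser()
    p.feed(html)
    body = " ".join(p.text)
    phones = set()
    for m in PHONE_RE.findall(body):
        digits = re.sub(r"\D", "", m)
        # Skip ISO dates, which otherwise show up as false "phone" hits.
        if 7 <= len(digits) <= 15 and not DATE_RE.fullmatch(m):
            phones.add(digits)
    return {"title": p.title.strip(), "meta": p.meta, "phones": sorted(phones),
            "emails": sorted(set(EMAIL_RE.findall(body)) | p.mailto)}

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML))
```

A `generator` meta tag or a personal mailbox in the result is a candidate for removal or replacement with a role address or contact form.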
  • 78. Module 02 - Footprinting and Reconnaissance
    Identifying Vulnerabilities and Information Disclosures in Search Engines using Search Diggity
    Search Diggity is the primary attack tool of the Google Hacking Diggity Project. It is an MS Windows GUI application that serves as a front-end to the latest versions of Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.
    Lab Scenario
    An easy way to find vulnerabilities in websites and applications is to Google them, which is a simple method adopted by attackers. Using a Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. As an expert ethical hacker, you should use the same method to identify all the vulnerabilities and patch them before an attacker identifies them to exploit vulnerabilities.
    Lab Objectives
    The objective of this lab is to demonstrate how to identify vulnerabilities and information disclosures in search engines using Search Diggity. Students will learn how to:
    ■ Extract Meta Tag, Email, Phone/Fax from the web pages
    Sidebar: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance
    Lab Environment
    To carry out the lab, you need:
    ■ Search Diggity is located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Google Hacking Tools\SearchDiggity
  • 79. Module 02 - Footprinting and Reconnaissance
    ■ You can also download the latest version of Search Diggity from the link http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools
    ■ If you decide to download the latest version, then screenshots shown in the lab might differ
    ■ This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
    Lab Duration
    Time: 10 Minutes
    Overview of Search Diggity
    Search Diggity has a predefined query database that runs against the website to scan the related queries.
    Sidebar: GoogleDiggity is the primary Google hacking tool, utilizing the Google JSON/ATOM Custom Search API to identify vulnerabilities and information disclosures via Google searching.
    Lab Tasks
    TASK 1: Launch Search Diggity
    1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
    FIGURE 11.1: Windows Server 2012 - Desktop view
    2. In the Start menu, to launch Search Diggity click Search Diggity
    FIGURE 11.2: Windows Server 2012 - Start menu
  • 80. Module 02 - Footprinting and Reconnaissance
    3. The Search Diggity main window appears with Google Diggity as the default
    Sidebar: Queries - Select Google dorks (search queries) you wish to use in scan by checking appropriate boxes.
    FIGURE 11.3: Search Diggity - Main window
    4. Select Sites/Domains/IP Ranges and type the domain name in the domain field. Click Add
    Sidebar: Download Button - Select (highlight) one or more results in the results pane, then click this button to download the search result files locally to your computer. By default, downloads to D:\DiggityDownloads.
    FIGURE 11.4: Search Diggity - Selecting Sites/Domains/IP Ranges
  • 81. Module 02 - Footprinting and Reconnaissance
    5. The added domain name will be listed in the box below the Domain field
    Sidebar: Import Button - Import a text file list of domains/IP ranges to scan. Each query will be run against Google with site:yourdomainname.com appended to it.
    FIGURE 11.5: Search Diggity - Domain added
    TASK 2: Run Query against a website
    6. Now, select a Query from the left pane that you wish to run against the website that you have added in the list and click Scan
    Note: In this lab, we have selected the query SWF Finding Generic. Similarly, you can select other queries to run against the added website
    Sidebar: When scanning is kicked off, the selected query is run against the complete website.
    FIGURE 11.6: Search Diggity - Selecting query and Scanning
  • 82. Module 02 - Footprinting and Reconnaissance
    7. The following screenshot shows the scanning process
    Sidebar: Results Pane - As scan runs, results found will begin populating in this window pane.
    Sidebar: Simple - Simple search text box will allow you to run one simple query at a time, instead of using the Queries checkbox dictionaries.
    FIGURE 11.7: Search Diggity - Scanning in progress
    All the URLs that contain the SWF extensions will be listed and the output will show the query results
    Sidebar: Output - General output describing the progress of the scan and parameters used.
    FIGURE 11.8: Search Diggity - Output window
    Lab Analysis
    Collect the different error messages to determine the vulnerabilities and note the information disclosed about the website.
    Tool/Utility: Search Diggity
    Information Collected/Objectives Achieved: Many error messages found relating to vulnerabilities
  • 83. Module 02 - Footprinting and Reconnaissance
    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
    Questions
    Is it possible to export the output result for Google Diggity? If yes, how?
    Internet Connection Required: ☑ Yes ☐ No
    Platform Supported: ☑ Classroom ☐ iLabs
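The lab describes each query being run with `site:` and the added domain appended, and an SWF query listing every URL with that extension. As an added example (not the tool's code and not part of the lab manual), the sketch below applies the same two filters offline to a URL inventory of your own site, so exposed file types can be found before a search engine indexes them. It assumes the SWF query takes the form `ext:swf`, models only the `ext:` and `site:` operators, and uses a constructed inventory; all function names are hypothetical.

```python
import posixpath
from urllib.parse import urlparse

# Constructed URL inventory for a hypothetical site (e.g. a sitemap export).
INVENTORY = [
    "https://www.example.com/index.html",
    "https://www.example.com/media/intro.swf",
    "https://downloads.example.com/tour/Map.SWF?lang=en",
    "https://www.example.com/docs/report.pdf",
    "https://cdn.example.net/player.swf",
]


def append_site(query, domain):
    """Build the query as the lab describes it: site:<domain> is appended."""
    return f"{query} site:{domain}"


def parse_query(query):
    """Split a query such as 'ext:swf site:example.com' into operator pairs."""
    ops = {}
    for term in query.split():
        name, sep, value = term.partition(":")
        if not sep or name not in ("ext", "site") or not value:
            raise ValueError("unsupported term: " + term)
        ops[name] = value.lower()
    return ops


def matches(url, ops):
    """True if the URL satisfies every operator in the parsed query."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    # The extension comes from the path only, so query strings are ignored.
    ext = posixpath.splitext(parts.path)[1].lstrip(".").lower()
    if "site" in ops:
        site = ops["site"]
        # site: covers the domain and its subdomains, not look-alike hosts.
        if host != site and not host.endswith("." + site):
            return False
    if "ext" in ops and ext != ops["ext"]:
        return False
    return True


def audit(inventory, query, domain):
    """List inventory URLs that the domain-scoped query would surface."""
    ops = parse_query(append_site(query, domain))
    return [u for u in inventory if matches(u, ops)]


if __name__ == "__main__":
    for url in audit(INVENTORY, "ext:swf", "example.com"):
        print(url)
```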