Posted on by

DNS footprinting for beginners

Hello, aspiring Ethical Hackers. In our previous blogpost of Footprinting guide, you learnt about various techniques of Footprinting. In this blogpost, you will learn about DNS Footprinting which is one of the techniques of Footprinting. But first, what is DNS? DNS stands for Domain Name Service. In simple terms, DNS is like translation service between humans & browsers. Why do I say so?

Let me explain you. You open a browser and type a domain name (ex:hackercool.com) to visit a website. Web browsers have no idea about this domain name or for that matter any domain name because web browsers communicate with servers through Internet Protocol addresses. Then how web browsers take you to the website you want. Thanks to DNS (Domain Name Service) translates domain names to IP addresses. Lean more about how DNS works here.

What is DNS Footprinting?

DNS Footprinting is a technique in which attackers gather DNS information about the target system. A DNS server stores information such as DNS domain names, computer names, IP addresses and other network related information. It also has some records that are important. Here are the types of records a DNS server can have.

DNS Footprinting 1

How does it help in Pentesting?

DNS Footprinting can reveal other information about server related to the network and in some cases expose entire Zone data. DNS Footprinting is very simple. Let’s show you two tools popular for DNS footprinting. The first tool is nslookup. Here’s how to use nslookup to query about a domain.

DNS Footprinting 2

We can even query for a specific type of record using nslookup. Let’s query specifically for “NS” and “MX” records.

DNS Footprinting 34
DNS Footprinting 56

There is another tool named DIG that can be used for DNS lookup.

DNS Footprinting 78

This tool can also be used to query for a specific type of records as shown below.

DNS Footprinting 9
DNS Footprinting 1011
DNS Footprinting 1213

Posted on by

Google Hacking for beginners – Part 1

Hello, aspiring Ethical Hackers. In our previous blogpost on Footprinting, you learnt that hackers gather information about their targets using search engines. In this blogpost you will learn about Google Hacking or Google Dorking. Who doesn’t know what Google is. Just for this article’s sake, let me define what it is. Google is the most popular Search Engine that provides answers for anything we want, almost anything. Just a click away.

Google Hacking 1

Google is already an awesome search engine but to make the search engine more precise it has some advanced operators. In other words, searching with some special operators allows Google to provide exact information we want. These are known as Google Dorks. The basic syntax of a Google Dork is,

Operator : term to search or URL

Ex: intitle:hackercool

Some of the important Google operators are.

  • intitle
  • allintitle
  • inurl
  • related
  • allintext
  • cache
  • define
  • allinurl
  • intext
  • site

Let’s learn about each of them in detail.

1. intitle

This query will return all the webpages which have term “hackercool” in the title of the webpage.

Google Hacking 2

2. allintitle

Same as “intitle” but will show pages containing all the multiple keywords specified.

Google Hacking 4

3. inurl

The “inurl” query returns all the webpages containing the specified keywords in their URL.

Google Hacking 5
Google Hacking 6

4. allinurl

Same as “inurl” but can be used to search for multiple keywords in the URL.

Google Hacking 7

5. define

The “define” query can be used to search for a definition of any keyword you specify. For example, let’s search for the definition of hackercoolmagazine.

Google Hacking 8

6. related

The “related” dork of Google is used to search for a website similar to the site you specify.

Google Hacking 9

For example, in the above image, we search for sites related to Facebook and Google has returned similar networking sites like Twitter, Pinterest, LinkedIN. Note that this google dorks only takes websites as keywords.

7. cache

The cache query returns the latest cached version of the website Google has stored. This dork too needs website as keyword.

Google Hacking 10 1024x576

8. intext

The “intext” query returns all the webpages having like specified “text” in their content.

Google Hacking 11

9. allintext

The “allintext” query is same as “intext” but can be used to search webpages having multiple keywords in their content.

Google Hacking 12

10. site

The “site” query is useful in limiting your search to a particular website.

Google Hacking 13

Read Part 2 of Google Hacking.

Posted on by

OSI Model for beginners

Hello aspiring Ethical Hackers. In this blogpost you will learn about the OSI model. The OSI (Open Systems Interconnection) Model is a theoretical framework for the design and implementation of computer networks. It was developed by the International Organization for Standardization (ISO) and is used as a reference for the design of communication protocols and communication interfaces. As an ethical hacker, you need to have a proper understanding about basic structure of networks and the protocols and frameworks guiding it. The importance of the OSI Model lies in its ability to provide a common language for the design and implementation of computer networks.

OSI model

In OSI Model, the network is divided into seven layers. These layers from bottom to top are the Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, and Application Layer. In this article, we will explore each of these layers in more detail.

OSI model for beginners

The OSI model outlines the process of transmitting information from a network device such as a router to its final destination via a physical medium and how the communication with the application is managed. In simpler terms, it establishes a standardized method of communication between various systems. It helps to ensure that communication between different computer systems is possible by breaking down the communication process into seven distinct layers, each with its own set of protocols and functions.

OSI Model 3

The seven layers of the OSI Model, from bottom to top, are the Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, and Application Layer. In this article, we will explore each of these layers in more detail.

Layer 1: Physical Layer

The Physical Layer is the first layer of the OSI Model and is concerned with the physical transmission of data between computers. It defines the electrical, mechanical, and functional specifications for the physical connection between devices.

The role of the Physical Layer in networking is to provide a stable and reliable connection between devices by specifying the electrical, mechanical, and functional requirements for data transmission. It also ensures that data is transmitted in a manner that is consistent with the data format defined in the other layers of the OSI Model.

OSI Model 4

The Physical Layer is responsible for several key functions, including:

  • Establishing and maintaining a physical connection between devices
  • Defining the electrical and mechanical specifications for data transmission
  • Encoding and decoding data for transmission
  • Defining the physical characteristics of the transmission medium

Some examples of Physical Layer technologies include Ethernet, Wi-Fi, and Bluetooth.

Layer 2: Data Link Layer

The Data Link Layer is the second layer of the OSI Model and is concerned with the delivery of data frames between computers. It provides error detection and correction functions and defines the format of the data frames that are transmitted between devices.

The role of the Data Link Layer in networking is to provide reliable data transmission by ensuring that data frames are delivered to the destination device in a timely and accurate manner. It also provides error detection and correction functions, which help to ensure the accuracy of the data that is transmitted.

The Data Link Layer is responsible for several key functions, including:

  • Defining the format of the data frames that are transmitted between devices
  • Error detection and correction
  • Flow control and media access control
  • Media-independent transmission of data frames
OSI Model 5

Layer 3: Network Layer

The Network Layer is the third layer of the OSI Model and is concerned with the routing of data between computer networks. It provides the means for transmitting data from one network to another and ensures that data is delivered to its intended destination.

The role of the Network Layer in networking is to provide an efficient and reliable means of transmitting data between computer networks. It also ensures that data is delivered to its intended destination by routing it through the network in an efficient and effective manner.

OSI Model 6

The Network Layer is responsible for several key functions, including:

  • Routing data between computer networks
  • Providing end-to-end connectivity between devices
  • Encapsulating data for transmission between networks
  • Ensuring the reliability and efficiency of data transmission

Some examples of Network Layer technologies include IP (Internet Protocol) and ICMP (Internet Control Message Protocol).

Layer 4: Transport Layer

The Transport Layer is the fourth layer of the OSI (Open Systems Interconnection) Model and is responsible for reliable data transfer between end systems. It is the layer that divides data into manageable segments and ensures that each segment reaches its destination without any errors or lost data.

The Transport Layer is critical to the functioning of a network as it ensures the reliability of data transmission. It does this by dividing data into segments, which are then transmitted and reassembled at the destination end. This layer also provides flow control, which prevents the sender from overwhelming the receiver, and error control, which detects and corrects any errors that may occur during transmission.

The Transport Layer performs several key functions, including:

  • Segmentation: The Transport Layer divides data into segments for transmission.
  • Flow Control: This function ensures that data is transmitted at a rate that the receiver can handle.
  • Error Control: The Transport Layer checks for errors in the data and ensures that any errors are corrected.
  • End-to-End Connectivity: The Transport Layer provides end-to-end connectivity between applications running on different end systems.

There are two main types of Transport Layer protocols:

  • TCP (Transmission Control Protocol): This is a reliable, connection-oriented protocol that ensures that data is transmitted accurately and completely.
  • UDP (User Datagram Protocol): This is an unreliable, connectionless protocol that does not guarantee the delivery or accuracy of data. It is used for applications that do not require reliable data transmission, such as video streaming.
OSI Model 7
OSI Model 8

Layer 5: Session Layer

The Session Layer is the fifth layer of the OSI Model and is responsible for establishing, managing, and terminating communication sessions between applications. A session is a continuous exchange of information between two applications and can involve multiple data transfers.

The Session Layer provides a framework for applications to communicate with each other. It coordinates the communication process between the applications and ensures that the data is transmitted in an orderly and synchronized manner. The Session Layer also ensures that the communication between the applications is maintained until it is terminated by either the sender or the receiver.

OSI Model 9

The Session Layer performs several key functions, including:

  • Session Establishment: The Session Layer establishes a communication session between two applications.
  • Session Management: The Session Layer manages the communication session by maintaining the synchronization of data transfer.
  • Session Termination: The Session Layer terminates the communication session when it is no longer needed.

There are several Session Layer protocols, including:

  • NFS (Network File System): This is a popular protocol for sharing files over a network.
  • RDP (Remote Desktop Protocol): This is a protocol for remote access to a desktop.
  • SSH (Secure Shell): This is a protocol for secure remote access to a computer.

Layer 6: Presentation Layer

The Presentation Layer is the sixth layer of the OSI Model and is responsible for providing a common format for data exchange between applications. The Presentation Layer is responsible for converting data from the Application Layer into a standardized format that can be understood by both the sender and receiver.

The Presentation Layer is responsible for data representation and encryption/decryption of data. It ensures that the data transmitted between applications is in a standard format and can be understood by both the sender and receiver. The Presentation Layer also provides a means for data compression and decompression to reduce the amount of data transmitted over the network.

OSI Model 10

The Presentation Layer performs several key functions, including:

  • Data Conversion: The Presentation Layer converts data from the Application Layer into a standard format that can be understood by both the sender and receiver.
  • Data Compression/Decompression: The Presentation Layer can compress data to reduce its size for transmission over the network and decompress it for use by the recipient.
  • Data Encryption/Decryption: The Presentation Layer can encrypt data for transmission over the network and decrypt it for use by the recipient.

There are several Presentation Layer protocols, including:

  • MIME (Multipurpose Internet Mail Extensions): This is a protocol for the representation of multimedia content.
  • SSL (Secure Sockets Layer) and TLS (Transport Layer Security): These are protocols for securing data transmission over the internet.

Layer 7: Application Layer

The Application Layer is the top layer of the OSI Model and is responsible for providing a user interface for network applications. It is the interface between the network and the user, allowing applications to request and receive network services.

The Application Layer is responsible for providing network services to applications. It is the interface between the network and the user, allowing applications to request and receive network services. The Application Layer provides a means for applications to interact with the network and access the services provided by the lower layers of the OSI Model.

OSI Model 11

The Application Layer performs several key functions, including:

  • Network Services: The Application Layer provides network services to applications, including file transfer, email, and other network-based applications.
  • User Interface: The Application Layer provides a user interface for network applications, allowing the user to interact with the network.
  • Network Resource Access: The Application Layer provides a means for applications to access network resources, such as databases or file servers.

There are several Application Layer protocols, including:

  • HTTP (Hypertext Transfer Protocol): This is the primary protocol used for web browsing and web application access.
  • FTP (File Transfer Protocol): This is a protocol for transferring files between systems.
  • SMTP (Simple Mail Transfer Protocol): This is a protocol for sending email.

In conclusion, the Application Layer is the top layer of the OSI Model and is responsible for providing network services to applications. Its functions of network services, user interface, and network resource access provide a means for applications to interact with the network and access the services provided by the lower layers of the OSI Model. The Application Layer is crucial for the operation of network-based applications and services.

The OSI Model in Real-World Networking

The OSI Model is widely used in real-world networking, as it provides a standardized framework for understanding and designing networks.

OSI Model 12 1

This model is used in a wide variety of applications, including:

1. Network Design:

The OSI Model is used as a reference for network design, helping network engineers to understand the various components and protocols involved in a network.

2. Network Troubleshooting:

The OSI Model provides a standardized framework for troubleshooting network problems, making it easier for network technicians to diagnose and resolve issues.

3. Network Optimization:

The OSI Model is used to optimize network performance by helping network engineers to identify bottlenecks and other performance issues.

4. Importance of understanding the OSI Model for network technicians:

Understanding the OSI Model is critical for network technicians, as it provides a standardized framework for network design and troubleshooting. Network technicians who understand the OSI Model are better equipped to diagnose and resolve network problems, as well as to design and optimize network performance.

Advantages of OSI Model

There are several advantages to using the OSI Model for network design and troubleshooting, including:

Standardization: The OSI Model provides a standardized framework for network design, making it easier for network engineers to understand the various components and protocols involved in a network.

Modularity: The OSI Model is modular in design, making it easier for network engineers to understand the different layers and protocols involved in a network.

Troubleshooting: The OSI Model provides a standardized framework for troubleshooting network problems, making it easier for network technicians to diagnose and resolve issues.

Understanding the OSI Model is essential for anyone working in the field of computer networking. This standardized framework provides a means of understanding and designing networks, as well as diagnosing and resolving network problems. Network technicians who understand the OSI Model are better equipped to optimize network performance and provide network services to users.

In conclusion, the OSI Model is a critical component of computer networking, providing a standardized framework for understanding and designing networks. Network technicians who understand the OSI Model are better equipped to diagnose and resolve network problems, as well as to design and optimize network performance.

Posted on by

Whois Footprinting for beginners

Hello aspiring Ethical Hackers. In this blogpost you will learn about Whois Footprinting. In our previous blogpost, you were given an introduction to Footprinting and types of Footprinting. Whois Footprinting is one type of footprinting. In my opinion, Whois footprinting is the first method of footprinting that should be used while starting information gathering.

What is Whois?

Whois is actually a protocol running on port 43. When you or any organization register a domain (eg: hackercoolmagazine.com), a record is created. This record is known as Whois record and is created by an organization called Internet Corporation for Assigned Names and Numbers (ICANN) which regulates domain name registration and ownership. Whois records are maintained by Regional Internet Registries (RIR’s). At present, there are five RTR’s allocated to particular regions.

  1. American Registry for Internet Numbers (ARIN)
  2. African Network Information Center (AFRINIC)
  3. Asia Pacific Network Information Center (APNIC)
  4. Reseaux IP Europeens Network Coordination Centre (RIPE)
  5. Latin American and Caribbean Network Information Center (LACNIC)

What information does Whois reveal?

Whois Lookup reveals information like the owner of the domain, contact details of domain owners, IP address network range used by the organization, domain name server and when a domain has been created and the date of its expiry.

Whois Lookup 1

How does it help in Pentesting?

Any business or organization has a website nowadays for which they have to register a domain (person or entity who registers a domain is known as a registrant, while a company registering the domain is known as registrar). So performing Whois Lookup can give anyone information about the domain which can be further used in footprinting.

Types of Whois Lookup

Types Of Whois Lookup

There are two types of Whois Lookup: Thin Whois and Thick Whois.

  1. Thin Whois: Thin Whois Lookup gives only the name of the whois server of the registrar of the domain.
  2. Thick Whois: Thick Whois Lookup reveals complete information from all the registries for a particular domain.

Kali Linux has a default tool for whois lookup named “whois”. This is how to use it.

Whois Lookup Kali 657x1024

Given below are some other Whois Lookup tools.

  1. Whois Lookup (https://www.whois.com)
  2. ICANN Whois (https://whois.icann.org)
  3. MxToolBox (https://www.whois.com/whois/)
  4. Domain Tools (https://whois.domaintools.com)
  5. Who.is (https://who.is/)
Posted on by

Footprinting guide for beginners

Hello aspiring Ethical Hackers. In this blogpost you will learn about Footprinting or Reconnaissance. It is the first step of Ethical hacking. Although boring a bit, it is one of the most important stages of Ethical Hacking. This is because this stage lays the road to success or failure of the hack as it gives much needed information about the target system or organization.

Objectives Of Footprinting

In Reconnaissance, you gather as much information about the target organization that is useful in gaining access or to learn about the security posture of your organization depending on which color HAT you want to wear. Reconnaissance allows pen testers to reduce the area they need to focus, identify vulnerabilities and finally know about the security posture of the company.

What information does Reconnaissance reveal?

The following information can be collected from the Reconnaissance stage.

  1. Target organization’s network information including domains and sub-domains used by the organization.
  2. Blocks of IP addresses used by the organization that are accessible from outside. etc.
  3. Information about operating systems used by the web server OS, location of the Web server and in some cases user credentials.
  4. Information about the organization like the details of their employees, which include their names, addresses, Phone number, Personal email addresses etc

Types Of Footprinting

types of footprinting

There are two types of footprinting: Passive and Active.

1. Passive Footprinting:

In passive reconnaissance, information about the target organization is collected without actively without engaging with or any interaction with the target organization. This type of foot printing is very difficult as all the information needs to be collected from publicly available resources with search engines, job sites, social media, documents available in public domain etc. On the plus side, this type of foot printing allows pen testers to stay a bit confidential as it raises less suspicions on the target side.

2. Active Footprinting:

In Active reconnaissance, the attackers engage or interact with the target organization. This is simpler than passive reconnaissance as pen testers gets information directly from the target. On the flip side, the security guys at the target organization may already know your intent as it raises suspicions. Information will be collected about the target organization by scanning and enumerating target directly.

Techniques of Footprinting

Footprinting 2

The various techniques of Reconnaissance include,

Reconnaissance through Search Engines
Reconnaissance through Web Services
Website Footprinting
Email Footprinting
WhoIs Footprinting
DNS Footprinting
Network Reconnaissance
Metadata
Competitive Intelligence
Social Engineering Reconnaissance