Buy Dideo Subscription
CEHv10 Module 2: Footpriting & Reconnaissance Foot printing through search engines. This video is a part of Ethical Hacking version 10 (CEH v10), Ethical Hacking with Kali Linux and Cyber security. These ideas as shown video, give you the first steps of penetration testing. Search Engines are used to extract information about a target. Attackers may gather information such as :- technology platforms, employee details, login pages, intranet portals and many other information about the target. The main Search engine used for footprinting are :- Google, Bing, Yahoo, Ask.com, AOL. DuckDuckGo and Baidu. But most of the time Google is used. Now, let’s have a demo on it. Just for demo purpose, I’m gonna gather employee information of one of the telecommunication of Nepal—Nepal telecom. In the search engine’s search box, I search for ‘employee Nepal telecom’. If you scroll down a little bit down, and follow the Wikipedia link, on the right bar of the page, we get some general and basic information from our basic search, the information like:- - When it was founded - The location of the Headquarters - Key person - Services - Number of employees that’s about 5,400 and - The company’s website that is ntc.net.np Now, let’s move ahead and see another Advanced Google search operator. Let’s learn about intitle. This will ask Google to show pages that have the term in their html title. For example, to get open index or Insecure information type intitle:"index of /" Parent Directory site:then give your target site that is for example ntc.net.np. It’s not my target though, I am just doing this for a demo to teach you. Here, as you can see some open indexing of directories from where you may get some information. Now, let’s another example. In the search box, I type as intitle:"index of /admin" site:ntc.net.np and hit enter. You may find some information from here as well. Also, you can replace /admin with /password or any other keyword. It depends, how you can manipulate the search engine and the queries. Now, let’s see another search query—InURL. Using InURL we can search for diffwrent functionalities within the website. For example, search for Admin Login Functionality on the target domain as:- inurl:login site:ntc.net.np. You can find all the login pages on the site. As we can see, there are so many login pages, even the Central Authentication Service—Server Admin pages. Then you can write the login pages, in your report. Now, let’s see about another Advanced search operator filetype. Using this, I am gonna search for text files containing passwd in URL on target domain. So for this, I can use like:- inurl:passwd filetype:txt site:ntc.net.np. Unfortunately, it’s not showing anything that means the search is not available. You can also search for logs on target domain as:- filetype:log site:ntc.net.np. If it’s publicly available, you will find it otherwise not. You can also Search for Excel and csv files on target domain as :- filetype:xls csv site:ntc.net.np. Again, If it’s publicly available, you will find it otherwise not. I am just showing you the ways. For more dorks you can visit : https://www.exploit-db.com/google-hacking-database. You will find dorking or Google hacking technique for almost everything. For example, in the search box, let’s type database, then you will get dorking related to database. You can combine, multiple dorks to get hidden information in the target domain. If you click on any of them, you will see in detail about that. Going back to the Report, we could not obtain any information through Google Hacking database about our demo target. Probably we will get by using other techniques. This is just a test, you might or might not get information that too revealed public. However, you can always try other options using the dorks available in the Google hacking database. To mention here, you can also use Google Advanced Search tool. For that search for the target organization name in the search box, click on settings and click on ‘Advanced Search’. With this tool, you can search web, more precisely and accurately. You can use these search features to achieve the same precision as of using the advanced operators but without typing or remembering these operators. You can try it by yourself and I’m not gonna show it to make the video unnecessarily more lengthy for the thing that you can do easily all by yourselves.
