Se161148 Lab1 1,2 (2), 4

The document provides instructions for using search engines and online tools to gather open source intelligence about a target organization. It details how to use Google dorks and advanced operators to find emails, passwords and other sensitive information. It also explains how to use Netcraft and PeekYou to identify domains, subdomains and personal details.

Uploaded by

ngtiequang2

Lab 1: Perform Footprinting Through Search Engines 1

Name/StudentID: Nguyen Tien Quang/SE161148
Class: IA1604
Subject: HOD401

Lab 1: Perform Footprinting Through Search Engines


Task 1.1: Gather Information using Advanced Google Hacking Techniques
Note: Here, we will consider EC-Council as a target organisation.

1. Turn on the Windows 10 virtual machine.


2. Log in to the Win10_TIEN_QUANG virtual machine with Username:
Win10_TIEN_QUANG and Password: password.

3. Open any web browser (here, Mozilla Firefox) and navigate to https://www.google.com.

Note: If the Default Browser pop-up window appears, check the Don’t show this message again
checkbox and click the Not now button.


4. Once the Google search engine appears, you should see a search bar.

5. Type intitle:password site:www.eccouncil.org and press Enter. This search command uses
intitle and site Google advanced operators, which restrict results to pages on the
www.eccouncil.org website that contain the term password in the title. An example is shown
in the screenshot below.


6. Now, navigate back to https://www.google.com. In the search bar, type the command
EC-Council filetype:pdf and press Enter to restrict the results by file extension.
7. Now, click on any link from the results (here, first link) to view the PDF file.

8. The page appears displaying the PDF file, as shown in the screenshot.


9. Apart from the aforementioned advanced Google operators, you can also use the following to
perform an advanced search to gather more information about the target organization from
publicly available sources.
• cache: This operator allows you to view a cached version of the web page.
[cache:www.google.com]-Query returns the cached version of the website www.google.com

• allinurl: This operator restricts results to pages containing all the query terms specified in the
URL.
[allinurl: google career]-Query returns only pages containing the words "google" and "career"
in the URL


• inurl: This operator restricts the results to pages containing the word specified in the URL
[inurl:copy site:www.google.com]-Query returns only pages in Google site in which the URL
has the word "copy"

• allintitle: This operator restricts results to pages containing all the query terms specified in the
title.
[allintitle: detect malware]-Query returns only pages containing the words "detect" and
"malware" in the title


• inanchor: This operator restricts results to pages containing the query terms specified in the
anchor text on links to the page.
[Anti-virus inanchor:Norton]-Query returns only pages with anchor text on links to the pages
containing the word "Norton" and the page containing the word "Anti-virus"

• allinanchor: This operator restricts results to pages containing all query terms specified in the
anchor text on links to the page.
[allinanchor: best cloud service provider]-Query returns only pages in which the anchor text
on links to the pages contain the words "best," "cloud," "service," and "provider"


• link: This operator searches websites or pages that contain links to the specified website or
page.
[link:www.apple.com]-Finds pages that point to Apple's home page

• related: This operator displays websites that are similar or related to the URL specified.
[related:www.youtube.com]-Query provides the Google search engine results page with
websites similar to youtube.com


• info: This operator finds information for the specified web page.
[info:fap.fpt.edu.vn] – Query provides information about the FPT University Academic Portal
homepage

• location: This operator finds information for a specific location.
[location: vinhomes] – Query gives you results based around the term vinhomes


Lab 2: Perform Footprinting Through Web Services


Task 2.1: Find the Company’s Domains and Sub-domains using Netcraft
1. Turn on the Windows 10 virtual machine.
2. Log in to the Windows 10 virtual machine with Username: Win10_TIEN_QUANG and
Password: password.

3. Open a web browser (here, Mozilla Firefox), type the URL https://www.netcraft.com in the
address bar, and press Enter. The Netcraft website appears, as shown in the screenshot.


4. Click the Resources tab from the menu bar and click on the Site Report link under the Tools
section.

5. The What’s that site running? page appears. To extract information associated with the
organizational website, such as infrastructure, technology used, subdomains, background,
network, etc., type the target website’s URL (here, https://www.eccouncil.org) in the text field,
and then click the Lookup button, as shown in the screenshot.


6. The Site report for https://www.eccouncil.org page appears, containing information related
to Background, Network, Hosting History, etc., as shown in the screenshot.

7. In the Network section, click on the website link (here, eccouncil.org) in the Domain field to
view the subdomains.

8. The result will display subdomains of the target website along with netblock and operating
system information, as shown in the screenshot.


9. This concludes the demonstration of finding the company’s domains and sub-domains using
the Netcraft tool.
10. Close all open windows and document all the acquired information.

Task 2.1: Gather Personal Information using PeekYou Online People Search Service
1. In the Windows 10 virtual machine, open any web browser (here, Mozilla Firefox), and
navigate to https://www.peekyou.com.
2. In the First Name and Last Name fields, type Satya and Nadella, respectively. In the Location
drop-down box, select Washington DC. Then, click the Search icon.

3. The people search begins, and the best matches for the provided search parameters will be
displayed.


4. You can further click on the appropriate result to view detailed information about the
target person.
5. Scroll down to view the entire information about the target person.

6. This concludes the demonstration of gathering personal information using the PeekYou online
people search service.
7. Close all open windows and document all the acquired information.


Lab 4: Perform Website Footprinting


Task 4.1: Gather Information About a Target Website using Ping Command Line Utility
1. Turn on the Windows 10 virtual machine.
2. Log in to the Windows 10 virtual machine with Username: Win10_TIEN_QUANG and
Password: password.

3. Open the Command Prompt window. Type ping www.certifiedhacker.com and press Enter to
find its IP address. The displayed response should be similar to the one shown in the screenshot.

4. Note the target domain’s IP address in the result above (here, 162.241.216.11). You can obtain
information on Ping Statistics such as packets sent, packets lost, and approximate round-trip
time.


5. In the Command Prompt window, type ping www.certifiedhacker.com -f -l 1500 and press
Enter.

6. The response, Packet needs to be fragmented but DF set, means that the frame is too large to
be on the network and needs to be fragmented. The packet was not sent as we used the -f switch
with the ping command, and the ping command returned this error.
7. In the Command Prompt window, type ping www.certifiedhacker.com -f -l 1300 and press
Enter.

8. Observe that the maximum packet size is less than 1500 bytes and more than 1300 bytes.


9. Now, try different values until you find the maximum frame size. For instance, ping
www.certifiedhacker.com -f -l 1473 replies with Packet needs to be fragmented but DF set,
and ping www.certifiedhacker.com -f -l 1372 replies with a successful ping. This indicates that
1372 bytes is the maximum frame size on this machine’s network.

10. Now, discover what happens when TTL (Time to Live) expires. Every frame on the network
has TTL defined. If TTL reaches 0, the router discards the packet. This mechanism prevents the
loss of packets.
11. In Command Prompt, type ping www.certifiedhacker.com -i 1 and press Enter. This option
sets the time to live (-i) value as 1.


12. Reply from 192.168.213.2: TTL expired in transit means that the router (192.168.213.2)
discarded the frame because its TTL has expired (reached 0).
13. Minimize the command prompt shown above and launch a new command prompt. Type ping
www.certifiedhacker.com -i 1 -n 1 and press Enter. Here, we set the TTL value to 1 and the
-n value to 1 to check the life span of the packet.
Note: -n specifies the number of echo requests to be sent to the target.

14. Type ping www.certifiedhacker.com -i 3 -n 1. This sets the TTL value to 3.

15. Observe that there is a reply coming from the IP address 162.214.216.11, and there is no packet
loss.
16. Now, change the time to live value to 4 by typing ping www.certifiedhacker.com -i 4 -n 1 and
press Enter.


17. Repeat the above step until you reach the IP address for www.certifiedhacker.com (in this case
162.241.216.11).
18. Here, the successful ping to reach www.certifiedhacker.com takes 19 hops.

19. This implies that, at a time to live value of 19, the reply is received from the destination host
(162.241.216.11).
20. This concludes the demonstration of gathering information about a target website using the Ping
command-line utility (such as the IP address of the target website, hop count to the target, and
value of maximum frame size allowed on the target network).
21. Close all open windows and document all the acquired information.
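
The manual size search in steps 5 to 9 and the TTL walk in steps 10 to 19, automated as an added example (not part of the original lab report). It assumes the Windows ping messages quoted in the steps above; all function names are hypothetical, and the `fake_*` probes are constructed stand-ins (the time and TTL fields are invented) so the code runs offline.

```python
import re
import subprocess

REPLY = re.compile(r"Reply from ([\d.]+): bytes=\d+")                 # echo reply
EXPIRED = re.compile(r"Reply from ([\d.]+): TTL expired in transit")  # router hop

def windows_ping(host, *switches):
    """Send one echo request with the Windows ping client; return its output."""
    cmd = ["ping", host, "-n", "1", *map(str, switches)]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def max_payload(probe, lo=0, hi=1500):
    """Binary-search the largest -l size answered with -f (DF) set; None if lo fails."""
    if not REPLY.search(probe(lo)):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if REPLY.search(probe(mid)):
            lo = mid        # mid fits: the answer is mid or larger
        else:
            hi = mid - 1    # "needs to be fragmented" or timeout: go smaller
    return lo

def path_mtu(payload):
    return payload + 28     # -l counts ICMP data only: + 20 B IPv4 + 8 B ICMP header

def hops_to(probe, max_ttl=30):
    """Raise TTL (-i) from 1 until the destination answers; silent hops are None."""
    routers = []
    for ttl in range(1, max_ttl + 1):
        out = probe(ttl)
        hit = REPLY.search(out)
        if hit:
            return ttl, hit.group(1), routers
        hop = EXPIRED.search(out)
        routers.append(hop.group(1) if hop else None)
    return None

# Live use: max_payload(lambda n: windows_ping(host, "-f", "-l", n))
#           hops_to(lambda t: windows_ping(host, "-i", t))
def fake_size_probe(n, limit=1372):      # constructed output, not a capture
    ok = f"Reply from 162.241.216.11: bytes={n} time=250ms TTL=45"
    return ok if n <= limit else "Packet needs to be fragmented but DF set."

def fake_ttl_probe(ttl, distance=19):    # constructed output, not a capture
    if ttl >= distance:
        return fake_size_probe(32)
    hop = "Reply from 192.168.213.2: TTL expired in transit."
    return hop if ttl == 1 else "Request timed out."
```

Because -l sets only the ICMP data size, a largest working value of 1372 corresponds to a 1400-byte IP packet on the path.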
