Discover Footprinting Techniques in the Hacking World
Footprinting is the first step in hacking, which aims to gather information about a target (such as a system, network, or organization) to identify potential vulnerabilities.
Below are common techniques, attack targets, exploited vulnerabilities, and illustrative examples.
What is Footprinting?
Footprinting is the process of collecting data that may be public or private, including information about networks, employees, or technology.
There are two types of footprinting:
- Passive: No direct interaction with the target
- Active: Direct interaction with the target
Footprinting techniques and attack methods
1. OSINT (Open Source Intelligence)
Purpose: Collect information from public sources like websites, social networks or reports
Target: Company's website, internal report
Security Holes: Sensitive data without protection
Method and Tools:
A hacker uses Google dorks (advanced search queries) to locate sensitive data. Some popular queries:
site:example.com filetype:pdf inurl:confidential → Find all PDFs with "confidential" in the URL.
site:example.com inurl:login → Find login pages that are exposed without protection.
Tools:
- Maltego (analyzes data relationships)
- theHarvester (collect email & subdomain)
Example:
Hackers target TechCorp. With the query:
site:techcorp.com filetype:doc intext:password
they find a Word document that contains a user account password. The hacker then uses this password to log in to TechCorp's internal system through the VPN (techcorp.com/vpn), located with the query:
site:techcorp.com inurl:vpn
2. WHOIS & DNS
Purpose: Query domain name information (WHOIS) or DNS records to determine the server, IP address, or administrative email.
Target: Domain, DNS servers.
Security Holes: Unprotected WHOIS data, misconfigured DNS settings.
Method and Tools:
A hacker uses:
- whois.domaintools.com or the command whois techcorp.com to gather information
- dnsdumpster.com to find DNS records and identify subdomains or IP addresses.
Example:
A hacker queries WHOIS for techcorp.com and finds an admin email, [email protected]. They then send a phishing email with the title:
“Security Alert: Your Account is Compromised”
to lure the admin into clicking the fake URL techcorp-login.com, which steals login information.
3. Network Scanning
Purpose: Use scanning tools to identify devices, open ports, and running services.
Target: Servers, routers, services (HTTP, FTP).
Security Holes: Unnecessary open ports, outdated services.
Method and Tools:
A hacker uses Nmap to scan the network. Example:
nmap -sS 192.168.1.0/24 → TCP SYN scan to identify devices.
nmap -sV -p 21 192.168.1.100 → Check the service version running on port 21 (FTP).
Example:
A hacker scans TechCorp's internal network with the command:
nmap -sS 192.168.1.0/24
and detects that the server at 192.168.1.100 has port 21 open, running vsftpd 2.3.4. Hackers exploit a backdoor vulnerability in this version (CVE-2011-2523) by sending a special string USER hack:), thereby gaining shell privileges on the system.
4. Social Media
Purpose: Analyze LinkedIn or Twitter profiles to gather employee information.
Target: Key personnel, internal data.
Security Holes: Employees share sensitive information.
Method and Tools:
- Search Twitter with keywords like "TechCorp" AND "SAP".
- Use Social-Searcher to analyze the posts.
- Use advanced LinkedIn search to find IT talent.
A hacker finds the Twitter account of a TechCorp IT employee, with the post:
“Just deployed new SAP at TechCorp #SAP.”
Hackers research vulnerabilities in SAP (for example, CVE-2020-6287 – RECON) and use tools like Metasploit to exploit ERP systems, thereby stealing data.
Preventive Measures
- Limit information disclosure (WHOIS protection, controlling published content).
- Train employees about phishing and security awareness.
- Close unnecessary ports, update software, use a strong firewall.
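One way to act on the last measure, as an added example that is not part of the original article: the script reads Nmap grepable output (-oG) from an authorized scan of your own network and flags open ports outside an allowlist and service versions on a deny list. The sample scan output, the allowlist, and the function names are constructed for illustration; vsftpd 2.3.4 is the version from the Network Scanning example.

```python
# Added example: audit your own Nmap grepable (-oG) results against a port policy.
# Constructed sample output from an authorized internal scan (nmap -sV -oG -).
SAMPLE_OG = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "443/open/tcp//https//nginx 1.24.0/\tIgnored State: closed (998)\n"
    "Host: 192.168.1.100 ()\tStatus: Up\n"
    "Host: 192.168.1.100 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 8.9p1/, 23/filtered/tcp//telnet///\n"
)

ALLOWED_PORTS = {22, 443}                # assumed policy: only SSH and HTTPS exposed
BANNED_VERSIONS = [("vsftpd", "2.3.4")]  # backdoored release (CVE-2011-2523)


def parse_grepable(text):
    """Yield (host, port, service, version) for each open port in -oG output."""
    for line in text.splitlines():
        if not line.startswith("Host: ") or "Ports: " not in line:
            continue  # skip comments and "Status:" lines
        host = line.split()[1]
        ports_field = line.split("Ports: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 7 and fields[1] == "open":
                yield host, int(fields[0]), fields[4], fields[6]


def audit(text, allowed_ports=ALLOWED_PORTS, banned=BANNED_VERSIONS):
    """Return findings as (host, port, reason, detail) tuples."""
    findings = []
    for host, port, service, version in parse_grepable(text):
        if port not in allowed_ports:
            findings.append((host, port, "unexpected open port", service or "unknown"))
        if tuple(version.lower().split()[:2]) in banned:
            findings.append((host, port, "known-bad version", version))
    return findings


if __name__ == "__main__":
    for host, port, reason, detail in audit(SAMPLE_OG):
        print(f"{host}:{port} {reason} ({detail})")
```

Running the audit on a schedule and comparing findings between runs shows when a new port or an outdated service appears before someone else's scan finds it.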
Conclusion
Footprinting helps hackers understand their targets and prepare for more effective attacks. Understanding and preventing these techniques is key to protecting organizations against cyber threats.
This article aims to introduce common techniques, attack methods, practical examples and supporting tools. If you have any questions or suggestions, please leave a comment below.
Thanks for reading!