What is Footwriting?
What is the first step one would take before seeking admission in a university or college? Quite unanimously, it must be a primary research about the institute. Footwriting is an analogous step which hackers take before gaining access into any network. The systematic foot printing of a organization enables attackers to create a complete profile of an organization’s security posture like system architecture, network blocks and IP addresses exposed on the Internet. Hackers gain reconnaissance of the target following a sequence of steps as:
1 Open Source Footprinting- The first step a hacker takes is to visit the website of a potential target. He then looks for contact information of the administrators which may help in guessing the password or in Social Engineering.
1 Network Enumeration- This is the next step in gaining information where the hacker tries to identify the domain names and the network blocks of the target network. 1 Scanning- Once the network block is known, the next step is to spy for active IP addresses on the target network. The Internet Control Message Protocol (ICMP) is a good alternative for identifying active IP addresses.
People Searching
There are millions of or billions of searches conducted on a daily basis on all popular search engines as well as the popular social networking platforms. However what exactly these men search for is a matter of our concern. There are some platforms or tools that can be used to determine what exactly people search for on these search engines.
5 Steps People Use To Search
Pipl
What you will find when you visit Pipl is that this search engine does does not just search the web, but rather goes through searching an area this site refers to as the Invisible web. There are some hidden resources on the Internet that search engines simply can not or do not access for a variety of reasons. Some contains personal information, and the sites containing that information opt out of being indexed by the common search engines. Pipl is different because it does index such information.
What you can add will determine how exact your results may be. If you only have a name, you may get any information on anyone with that name. If you can add more, like a state, you are going to get more specific results.
Wink
Wink searches across what you would find using a regular search engine as well as across social communities, online profiles, etc. Some people searches work by looking for as many possibilities as possible, but Wink works in an almost opposite manner. Wink only searches for known information, so any advanced terms you enter need to be facts, like a birthday or city of birth about which you are certain. Possibilities will only confuse and limit unfairly your results. For this reason, Wink is particularly useful for those who know a lot of basic personal information about the person they are trying to find.
Facebook is one of the world’s largest social networks with hundreds of millions of people on this platform on a daily basis, it makes sense to use Facebook as an incredibly useful tool to find people online. This platform is used by billions of people over the world but only an few people know how to properly use this website. Facebook is often a widely used online networking program that allows peoples to share information with other people. You can even spy on peoples, find peoples working as an Artist, Singer, Professionals, etc. and contact them for your purpose.
PeekYou
PeekYou is an interesting twist to the world, it allows you to search for usernames across a variety of social networking. PeekYou considers itself to be “The Smartest People Search Online.” It is a website that brings people from all over the world together. Anyone with a PeekYou profile helps other people locate their websites, photos, social-networking pages, or any other contact information they have provided online.
Footwriting
LinkedIn is completely free though they do have a pro version which gives you a lot more features such as the pro account shows what keywords bring up your profile, what industry these people are in when they viewed your profile, and where they are located geographically. You can also see everyone who has ever checked out your profile whereas the free version just shows you the five most recent. Generally if you’re just starting out, the free version is all you need. Linkedin can be a goldmine for you if you know how to target peoples and sell your stuff or help yourself to find a job with Linkedin
Footwriting
Virtualbox For Hacking
Many of you have been having difficulty setting up your hacking environment to practice your hacks. In this chapter, I will show you the simplest and fastest way to set up an lab to practice your hacks before taking them out into the real world where any slip-ups could be devastating.
Footwriting
Download VMware Workstation or Box
The best way to practice hacking is within a virtual environment. Essentially, you set up a hacking system, such as Kali Linux, and some victims to exploit. Ideally, you would want multiple operating systems (Windows XP, Vista, 7, and 8, as well as a Linux / Unix) and applications so that you can try out a variety of hacks.
Virtual machines and a virtual network are the best and safest way to set up a hacking lab. There are several virtualization systems out there, including Citrix, Oracle’s VirtualBox, KVM, Microsoft’s Virtual PC and Hyper-V, and VMware’s Workstation, VMware Box, and ESXi. For a laboratory environment, I strongly recommend VMware’s Workstation or Box.
Footwriting
Download Kali VMware Images
Once you have downloaded and installed your virtualization system, our next step is to download the VMware images of Kali provided by Offensive Security, you won’t have to create the virtual machine, but simply run it from Workstation or Box This means that once you have downloaded the VM of Kali, you can then use it in either Workstation or Box without actually installing a new OS
Open Image with VMware
Once all the files have been unzipped, our next step is to the open this new virtual machine. Make note of the location where you have unzipped the virtual machine image. Then, go to either VMware Workstation or Box and go to File > Create new Machine > Allocate Ram & HDD Space> Select ISO File & Install the new OS in VMware
Footwriting
Download & Install Targets
For the next step, you need to download and install a target system. Of course, you could use your host Windows 7 or 8 system, but since this is practice, you might want to use an older, easier to hack system. Also, hacking your system can leave it unstable and damaged.
I recommend installing a Windows XP, Vista, Server 2003, or an older version of Linux. These systems have many known security flaws that you can practice on and, then when you become more proficient at hacking, and you can then upgrade to Windows 7 and 8 and newer versions of Linux.
If you or your friends don’t have a copy of these older operating systems, you can purchase them very inexpensively many places on the Internet. Of course, you can also obtain these operating systems for free on many of the torrent sites, but BEWARE… you will likely be downloading more than just the operating systems. VERY often, these free downloads include rootkits that will embed in your system when you open the file.
Footwriting
Download Old Applications
Once you have your operating system in place, very often you will need applications to run on these older versions of the Windows and Linux operating systems. You will likely need a browser, Office, Adobe products, etc. These older products have well-known security flaws that you can hone your skills on.
Footwriting
Reconnaissance
In the computer world, there are good guys who create networks that help us communicate, work with others and get information and then there are those not-so-good guys who, for a variety of reasons, like to use their computers to worm their way into those networks and cause trouble.
They’re called hackers, and they’ll routinely do things like:
Steal secrets.
Obtain passwords.
Get credit card information.
Create so much traffic that a website has to shut down.
Hackers are ALWAYS at work, either trying to steal information for their own gain or disrupt business as usual. You hear a lot of about hackers on the news now and then, but just what are they doing?
Here’s a bit of background to help you understand what it means when a website or company is “hacked.” Hackers aren’t heroes.
For some reason, there are those who think that hackers are “cool” and that their spirit of mischief and sneaking is admirable. But the IT (Information technology) experts who spend a lot of money building business or government networks would disagree. And, for that matter, so would anyone who has ever had their money or identity stolen by a hacker. There’s nothing playful about that.
Most people would agree that there are three types of hackers:
Young kids “having fun.” These are adolescents who are essentially vandals on the Internet and are also know as Script Kiddies. They’re not looking for more than few hours of their fun messing with websites or networks.
Recreational “hackers.” These are savvy computer users who intrude on networks when they feel they have a valid reason to…in their minds at least. They may have a grudge against a certai website or company and take their dislike out by “hacking” or disrupting the website.
> Professionals. When a computer expert gets a taste of hacking and likes the flavor, he or she will continue to use their skill, often for breaking into people’s accounts to steal money. They also might like taking down a big network for “fun.”
Stealing passwords and getting in the system.
Finding out a password is the usually the first step in cracking a network’s security. (That’s why there are so many articles telling you to change your passwords often and make them hard to figure out!)
Here are a few key terms that you’ll hear in discussions about hackers and what they do:
Backdoor. A secret pathway a hacker uses to gain entry to a
computer system.
Buffer overflow. A method of attack where the hacker delivers malicious commands to a system by overrunning an application buffer.
Denial-of-service attack. A attack designed to cripple the victim’s system by preventing it from handling its normal
traffic, usually by flooding it with false traffic. Email worm. A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email
message. Root access. The highest level of access (and most desired by serious hackers) to a computer system, which can give them complete control over the system.
Root kit. A set of tools used by an intruder to expand and disguise his control of the system.
Script kiddie. A young or unsophisticated hacker who uses base hacker tools to try to act like a real hacker. Session hijacking. When a hacker is able to insert malicious
data packets right into an actual data transmission over the
Internet connection.
Trojan horse. A seemingly helpful program that tricks the computer user into opening it, only to deliver (unnoticed and behind the scenes) an unexpected attack on the user’s computer.