Website Footprinting
Sumit Vishwambhar
CPI | CHFI | WAPT | CEH v12 | CCNA | Linux | Cyber security
Organizations put a lot of information on their websites. You can find office addresses, senior management information, and contact numbers. An attacker can use various methods to footprint a website.
For example, an attacker may simply mirror a website and analyze it offline to understand the website’s map and architecture.
An attacker can gather a lot of information, such as:
This task will teach you about website Footprinting using various tools and methods.
Learning Outcomes
After completing this exercise, you will be able to:
Your Devices
You will be using the following devices in this lab. Please power these on now.
PLABDC01: Domain Controller, 192.168.0.1/24
PLABKALI01: Domain Member Workstation, 192.168.0.5/24
Windows Server 2019 — Domain Server: 192.168.0.1/24
Windows 10 — Workstation: 192.168.0.3/24
Kali 2019.2 — Linux Kali Workstation: 192.168.0.5/24
Task 1 — Footprint Using Source Code
A website's source code can give an attacker quite a lot of information. For example, with the source code, an attacker can determine whether any directories are used in the file paths or whether any hidden files are used. An attacker can analyze the functions in the source code to determine weaknesses.
In this task, you will learn about website Footprinting by accessing source code.
Step 1
Ensure that you are connected to PLABKALI01 and open Firefox ESR by clicking on the icon on the taskbar.
The Kali homepage is displayed as the default home page. In the address bar, type the following: https://intranet
Press Enter.
Step 2
Right-click anywhere on the webpage and select View Page Source.
Step 3
The webpage source is now displayed.
Step 4
Scroll down to line 63, which mentions text/javascript.
Now, you know that JavaScript is being used. You can also study the code to figure out any vulnerabilities.
Note: There are also references to the languages being used above in the code.
Step 5
Close the Firefox window.
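The same review can be run by a site owner against their own pages before publishing. The following is an added example, not part of the original lab: it parses page source and lists what any visitor can read from it (script types, directories in file paths, comments, generator tags, hidden inputs). The sample HTML and the names `SourceAudit` and `audit_source` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Constructed sample page source (not the lab's real intranet page).
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="ExampleCMS 4.2">
<link rel="stylesheet" href="/assets/css/site.css">
<script type="text/javascript" src="/assets/js/app.js"></script>
<!-- TODO: remove old test pages under /backup/ -->
</head><body>
<form action="/admin/login.php" method="post">
<input type="hidden" name="debug" value="0">
</form>
</body></html>"""


class SourceAudit(HTMLParser):
    """Collect what a page's source discloses to every visitor."""

    def __init__(self):
        super().__init__()
        self.findings = {"script_types": set(), "directories": set(),
                         "comments": [], "generator": [], "hidden_inputs": []}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("type"):
            self.findings["script_types"].add(a["type"])
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.findings["generator"].append(a.get("content") or "")
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.findings["hidden_inputs"].append(a.get("name") or "")
        for key in ("src", "href", "action"):  # attributes that carry file paths
            directory = posixpath.dirname(urlparse(a.get(key) or "").path)
            if directory not in ("", "/"):
                self.findings["directories"].add(directory)

    def handle_comment(self, data):
        self.findings["comments"].append(data.strip())


def audit_source(html):
    """Parse page source and return the disclosure findings as a dict."""
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Anything this reports that the page does not need to function (leftover comments, generator tags, debug fields) is a candidate for removal before release.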
Task 2 — Footprint Using Archive.org
Organizations keep updating their websites from time to time. The archive.org website keeps track of all the updates or changes since the website was launched. An attacker can use this website to determine the changes made on the website. An attacker may use this information to conduct various attacks, such as phishing.
In this task, you will learn about Footprinting using the archive.org website.
Step 1
Connect to PLABWIN10. Click the Microsoft Edge icon on the taskbar.
Step 2
In the address bar, type the following URL: https://archive.org/index.php
Press Enter.
Step 3
The archive.org website’s homepage is displayed.
In the search textbox, type the following: microsoft.com
Click Go or press Enter.
Step 4
A chart of several years is displayed, and will default to the current year.
Notice that most dates are marked in circles when updates have taken place.
Step 5
Hover the mouse over 1 in Jan and notice that a list is displayed.
It indicates that 69 snapshots were taken on this date.
Note: The number of snapshots will vary.
Step 6
Click on the first timestamp, 01:18:44.
Step 7
The archive.org website is loading the snapshot from its archive.
Step 8
After a few seconds, archive will load the website from the specified time.
Close the Microsoft Edge window.
Task 3 — Create a Wordlist Using CeWL
An attacker may seek out words that are used on the website. These words are then used to create a wordlist that is further used for cracking passwords. Kali Linux contains a tool named CeWL, which generates wordlists.
In this task, you will create a wordlist using CeWL.
Step 1
Connect to PLABKALI01 and open a new terminal window by clicking the Terminal Emulator icon on the taskbar.
Step 2
Let’s display the wordlist on the terminal. To do this, you need to execute the following command: cewl intranet
Press Enter. The command execution starts.
Step 3
The wordlist is generated and displayed on the terminal. Notice that keywords were picked up and displayed as part of the wordlist.
Step 4
Clear the terminal with the following command: clear
Press Enter.
Next, you can write the output to a file without displaying it on the terminal. To do this, you need to use the -w parameter: cewl intranet -w test.txt
Press Enter. The command execution starts.
Step 5
Notice that no output is generated on the terminal. The output is written to the test.txt file.
Step 6
Let’s verify if the test.txt file has been created. Type the following command: ls -l
Press Enter.
Step 7
Notice that the file is listed.
Step 8
Let’s open the test.txt file and see the stored words in it.
Type the following command: leafpad test.txt
Press Enter.
Step 9
The test.txt file is now open. It has captured several words from the Intranet Website.
Notice that there are words with three letters or more.
When you are ready, close this file.
Step 10
Clear the terminal with the following command: clear
Press Enter.
You will now display the output with two changes:
You will include only words of five letters or more using the -m parameter
You will also select the depth of search using the -d parameter
Type the following command: cewl -d 5 -m 5 intranet
Press Enter.
Step 11
The command runs successfully without any error. However, it is important to notice that there are no words with fewer than five letters.
Step 12
Clear the terminal with the following command: clear
Press Enter.
You can also generate words that are a mix of letters and numbers. To do this, you need to use the --with-numbers parameter. Type the following command: cewl -d 5 -m 5 intranet --with-numbers
Press Enter.
Step 13
The output displays words that are made of letters and numbers.
Keep the terminal window open.
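Because site words end up in cracking wordlists, the same CeWL output is useful to the defender as a password blocklist. The following is an added example, not part of the original lab: it loads a one-word-per-line file like test.txt and rejects passwords that are a site word plus a short decoration or character substitution. The sample words, the names `load_blocklist` and `site_word_in`, and the `max_extra` threshold are assumptions made for illustration.

```python
# Constructed stand-in for the test.txt written by `cewl intranet -w test.txt`
# (one word per line). The words are invented, not taken from the lab site.
CEWL_OUTPUT = """Intranet
Welcome
Helpdesk
Finance
Team
Payroll
"""

# Common character substitutions; "1" and "!" are tried as both "i" and "l".
BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
LEET_TABLES = [str.maketrans({**BASE, "1": c, "!": c}) for c in "il"]


def load_blocklist(text, min_len=5):
    """Lower-cased site words of at least min_len characters (like cewl -m)."""
    words = (line.strip().lower() for line in text.splitlines())
    return {w for w in words if len(w) >= min_len}


def site_word_in(password, blocklist, max_extra=6):
    """Return the site word a password is built on, or None.

    A password is flagged when a blocklisted word appears in it, directly or
    after undoing common substitutions, with at most max_extra other
    characters around it. max_extra is a policy choice assumed here.
    """
    lowered = password.lower()
    candidates = [lowered] + [lowered.translate(t) for t in LEET_TABLES]
    for word in sorted(blocklist, key=lambda w: (-len(w), w)):
        for cand in candidates:
            if word in cand and len(cand) - len(word) <= max_extra:
                return word
    return None


if __name__ == "__main__":
    blocklist = load_blocklist(CEWL_OUTPUT)
    for pw in ("Intranet2024!", "H3lpd3sk#1", "correct-horse-finance-staple"):
        print(pw, "->", site_word_in(pw, blocklist))
```

A check like this belongs at password-set time, alongside a general breached-password list; a long passphrase that merely contains a site word is deliberately not flagged.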
Task 4 — Perform Banner Grabbing using Nmap
Various tools can help you grab the banner of a website, but nmap is quick in doing this.
For example, you can figure out the webserver name and so on.
In this task, you will grab the banner using Nmap. To do this, perform the following steps:
Step 1
Connect to PLABKALI01 and ensure that the terminal window is open.
Step 2
Type the following command: nmap -sS -p 80 -A 192.168.0.1
Press Enter.
The given command uses the following parameters:
-sS = SYN Scan
-p = Port Number
-A = Aggressive mode
Step 3
Notice that the output displays information about the operating system of the target system and the services running on open ports.
There is quite a lot of information you can get from this scan, such as:
An attacker can use all this information. For example, an attacker may simply find the webserver name and version and look for vulnerabilities. If they are not patched on this webserver, then an attacker has a golden chance of exploiting the vulnerability.