Introduction To Footprinting and Reconnaissance

The first phase before rolling out an attack is to collect information about the targeted systems. Attackers research the target and try to find as much information as they can using tools, technologies, and techniques such as scanning, enumeration, etc. This phase is called reconnaissance.

The aim of reconnaissance is to find the easiest point of entry to the target system and make the most out of it. Footprinting is similar to reconnaissance, but it involves collecting data in a less intrusive manner. 

What is Footprinting?

Footprinting is one of the most convenient ways for hackers to collect information about targets such as computer systems, devices, and networks. Using this method, hackers can uncover information about the target system’s open ports, the services it runs, and its remote access possibilities.

Since it is the initial phase of hacking, it is important to develop an accurate understanding of the entire process. Systematic footprinting of a target gives the attacker a blueprint of the target’s security posture.

How to perform footprinting?

In the first phase, known as “footprinting,” the hacker gathers as much data as they can in order to figure out how to break into a target system. To footprint a target successfully, the attacker must first determine the target’s visibility and work out how to find relevant information about it online using open sources. Detailed investigation then lets the attacker determine the scope of potential entry points. The following details may be gathered:

  • Company names
  • Domain names
  • Business subsidiaries  
  • IP Addresses
  • Business emails  
  • Network phone numbers  
  • Key employees

and so on.

In hacking terms, we can call it the “Front Door” of the target’s castle.

The first step of footprinting is to determine what to attack in order to obtain the “footprint” of the target network, which includes, but is not limited to, the following:

  • Hostnames
  • Network address ranges
  • Exposed hosts  
  • Exposed applications  
  • OS and its versions
  • Application and its versions

and many more.

Apart from this, the attackers have to decide the scope of the target: the entire organization, or only certain subsidiaries or locations. Based on the scope, they start to dig deep into information such as company web pages, related organizations, employee details, contacts, e-mail addresses, current events, locations, news, policies, disgruntled employees, mergers, acquisitions, or events to garner clues, opportunities, and contacts.

What is Reconnaissance?

Reconnaissance is an important stage in the initial hacking process, much like footprinting. Attackers gather information during this phase, much like a detective does! Information about target flaws, penetration testing vulnerabilities, and the onset of any data breaches is gathered during this procedure.

Any information gathered about the target may be a crucial piece of the jigsaw, needed to reveal the critical vulnerabilities of the target.

What critical information can be revealed in the reconnaissance phase?

1) Network Information

  • IP addresses
  • subnet mask
  • network topology
  • domain names

2) Host Information

  • usernames
  • group names
  • architecture type
  • operating system family and version
  • TCP and UDP services running with versions

3) Security Policies

  • password complexity requirements
  • password change frequency
  • expired/disabled account retention
  • physical security (e.g. access badges, door locks, etc.)
  • firewalls
  • intrusion detection systems

4) Personnel details

  • designations
  • telephone number
  • social hangouts
  • computer skills 
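
Seen from the defender's side, much of the host information listed above (operating system family and version, services running with versions) is handed out by a service's own banner. The following added example, which is not part of the original article, audits banners collected from your own hosts and flags what each one discloses; the sample banners, hostnames, function names and OS list are constructed for illustration.

```python
import re

# Constructed sample data: banners a defender collected from their OWN hosts.
# Hostnames use the reserved example.com domain; none describe a real system.
SAMPLE_BANNERS = [
    ("www.example.com", 80, "Server: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f"),
    ("www.example.com", 80, "X-Powered-By: PHP/7.4.3"),
    ("gw.example.com", 22, "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"),
    ("mail.example.com", 25, "220 mail.example.com ESMTP Postfix"),
    ("app.example.com", 443, "Server: nginx"),
]

# A product token joined to a dotted version by "/" or "_", e.g. Apache/2.4.41
VERSION_RE = re.compile(r"([A-Za-z][A-Za-z0-9]*)[/_]v?(\d+(?:\.\d+)+\w*)")
# Illustrative list of OS names that often appear in banners (not exhaustive)
OS_HINTS = ("Ubuntu", "Debian", "CentOS", "Red Hat", "Windows", "Win64", "FreeBSD")


def audit_banner(host, port, banner):
    """Return one finding per item of footprint data the banner gives away."""
    findings = []
    for product, version in VERSION_RE.findall(banner):
        findings.append({"host": host, "port": port, "kind": "application version",
                         "detail": f"{product} {version}"})
    for os_name in OS_HINTS:
        if os_name.lower() in banner.lower():
            findings.append({"host": host, "port": port,
                             "kind": "operating system family", "detail": os_name})
            break  # one OS hint per banner is enough to flag it
    return findings


def audit(banners):
    """Audit every (host, port, banner) tuple and collect all findings."""
    return [f for h, p, b in banners for f in audit_banner(h, p, b)]


def quiet_services(banners):
    """Services whose banner discloses neither a version nor an OS."""
    return [(h, p) for h, p, b in banners if not audit_banner(h, p, b)]


if __name__ == "__main__":
    for f in audit(SAMPLE_BANNERS):
        print(f"{f['host']}:{f['port']:<4} {f['kind']:<24} {f['detail']}")
    print("No disclosure:", quiet_services(SAMPLE_BANNERS))
```

Each finding is a candidate for banner hardening on that service, while the entries returned by quiet_services show what a reduced footprint looks like.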
