Ethical Hacking: A Concise Tutorial
Ethical Hacking - Footprinting
Footprinting is the part of the reconnaissance process used to gather whatever information is available about a target computer system or network. Footprinting can be either passive or active. Reviewing a company's website is an example of passive footprinting, whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering.
Footprinting is essentially the first step, in which a hacker gathers as much information as possible to find ways to intrude into a target system, or at least to decide which types of attack are most suitable for the target.
During this phase, a hacker can collect the following information:
- Domain name
- IP addresses
- Namespaces
- Employee information
- Phone numbers
- E-mails
- Job information
In the following sections, we will discuss how to extract the basic and easily accessible information about any computer system or network that is linked to the Internet.
Domain Name Information
You can use the http://www.whois.com/whois website to get detailed information about a domain name, including its owner, its registrar, date of registration, expiry, name server, owner's contact information, etc.

Here is a sample record for www.tutorialspoint.com extracted from a WHOIS lookup:
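The fields named above are the ones worth auditing in the record of a domain you own. The following is an added example, not part of the original tutorial and not the tutorialspoint.com record: it parses a constructed WHOIS record for the placeholder domain example.com, reports which contact fields are published unredacted, and computes the days left before expiry. The field names and date format are assumptions about the record layout.

```python
from datetime import datetime, timezone

# Constructed sample record for the placeholder domain example.com (not real output).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2006-09-18T10:12:00Z
Registry Expiry Date: 2026-09-18T10:12:00Z
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Registrant Name: Jane Admin
Registrant Email: jane.admin@example.com
Registrant Phone: +1.5555550100
Admin Email: REDACTED FOR PRIVACY
"""
CONTACT_ROLES = ("registrant", "admin", "tech", "billing")
CONTACT_FIELDS = ("name", "email", "phone", "street", "fax")
REDACTION_MARKERS = ("redacted", "privacy", "not disclosed")

def parse_whois(text):
    """Parse 'Key: value' lines into a dict of lower-cased key -> list of values."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip() and not line.lstrip().startswith(("%", "#")):
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def exposed_contacts(record):
    """Return contact fields whose values are published without privacy redaction."""
    exposed = {}
    for key, values in record.items():
        role, _, field = key.partition(" ")
        if role in CONTACT_ROLES and any(f in field for f in CONTACT_FIELDS):
            clear = [v for v in values
                     if not any(m in v.lower() for m in REDACTION_MARKERS)]
            if clear:
                exposed[key] = clear
    return exposed

def days_until_expiry(record, now):
    """Days left before the registration lapses (negative once it has lapsed)."""
    raw = record["registry expiry date"][0]
    expiry = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return (expiry - now).days

if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    print(exposed_contacts(rec), days_until_expiry(rec, datetime.now(timezone.utc)))
```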

Finding IP Address
You can use the ping command at your prompt. This command is available on Windows as well as on Linux. The following example finds the IP address of tutorialspoint.com:
$ ping tutorialspoint.com
It will produce the following result:
PING tutorialspoint.com (66.135.33.172) 56(84) bytes of data.
64 bytes from 66.135.33.172: icmp_seq = 1 ttl = 64 time = 0.028 ms
64 bytes from 66.135.33.172: icmp_seq = 2 ttl = 64 time = 0.021 ms
64 bytes from 66.135.33.172: icmp_seq = 3 ttl = 64 time = 0.021 ms
64 bytes from 66.135.33.172: icmp_seq = 4 ttl = 64 time = 0.021 ms
Finding Hosting Company
Once you have the website's address, you can get further details from the ip2location.com website (https://www.ip2location.com/). The following is an example of finding the details of an IP address:

Here the ISP row gives you the details of the hosting company, because IP addresses are usually provided by hosting companies only.
Quick Fix
If a computer system or network is linked to the Internet directly, then you cannot hide the IP address and the related information such as the hosting company, its location, ISP, etc. If you have a server containing very sensitive data, then it is recommended to keep it behind a secure proxy so that hackers cannot get the exact details of your actual server. This way, it will be difficult for any potential hacker to reach your server directly.
Another effective way of hiding your system's IP address, and ultimately all the associated information, is to go through a Virtual Private Network (VPN). If you configure a VPN, then all traffic is routed through the VPN network, so the true IP address assigned by your ISP is always hidden.
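A proxy only hides the server if none of your own DNS records still point at it. The following added example (not part of the original tutorial) audits a constructed export of A records and flags hostnames that resolve to the real server or its network instead of the proxy; the hostnames, proxy range and origin address are assumptions that use documentation address ranges.

```python
import ipaddress

# Constructed inventory; all addresses come from documentation ranges (RFC 5737).
PROXY_RANGES = ["198.51.100.0/24"]   # assumed: address space of the proxy in front of the site
ORIGIN_IP = "203.0.113.10"           # assumed: real server address that should stay hidden
DNS_RECORDS = [                      # assumed: A records exported from your own zone
    ("www.example.com", "198.51.100.7"),
    ("example.com", "198.51.100.7"),
    ("mail.example.com", "203.0.113.10"),
    ("staging.example.com", "203.0.113.25"),
]

def audit_zone(records, proxy_ranges, origin_ip, origin_prefix=24):
    """Classify each A record by whether it sits behind the proxy or reveals the origin."""
    proxies = [ipaddress.ip_network(r) for r in proxy_ranges]
    origin = ipaddress.ip_address(origin_ip)
    # strict=False lets us derive the surrounding network from a host address.
    origin_net = ipaddress.ip_network(f"{origin_ip}/{origin_prefix}", strict=False)
    findings = {}
    for host, addr in records:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in proxies):
            findings[host] = "proxied"
        elif ip == origin:
            findings[host] = "origin-exposed"   # record publishes the hidden server itself
        elif ip in origin_net:
            findings[host] = "origin-network"   # record publishes the hosting range
        else:
            findings[host] = "other"
    return findings

def exposed_hosts(findings):
    """Hostnames that need to move behind the proxy or be removed from public DNS."""
    return sorted(h for h, status in findings.items() if status.startswith("origin"))

if __name__ == "__main__":
    result = audit_zone(DNS_RECORDS, PROXY_RANGES, ORIGIN_IP)
    for host, status in result.items():
        print(f"{host:24} {status}")
    print("fix:", exposed_hosts(result))
```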
IP Address Ranges
Small sites may have a single IP address associated with them, but larger websites usually have multiple IP addresses serving different domains and sub-domains.
You can obtain the range of IP addresses assigned to a particular company using the American Registry for Internet Numbers (ARIN).

You can enter the company name in the highlighted search box to find a list of all the IP addresses assigned to that company.
History of the Website
It is very easy to get a complete history of any website using www.archive.org.

You can enter a domain name in the search box to find out how the website looked at a given point in time and which pages were available on the website on different dates.

Quick Fix
Although there are some advantages to keeping your website in an archive database, if you do not want anybody to see how your website progressed through different stages, you can request archive.org to delete the history of your website.