“Footprinting Practicum”
(Footprinting and Reconnaissance)
Prepared to fulfil the assignment for the course Ethical Hacking and Penetration Testing
Course Lecturer: Dr. Johannes Harungguan Sianipar, S.T., M.T.
Instructor: Albert Kelvin Hutapea, S.Kom.
Prepared by:
Group 7 (Odd)
11S18002 – Putri Era Waty Bakara
11S18010 – N. Priskila Napitupulu
11S18015 – Yanada Sari Situmorang
Bachelor's Program in Informatics
Faculty of Informatics and Electrical Engineering (FITE)
Institut Teknologi Del
2021
Chapter 1 – Open Source Information Gathering using Windows Command Line
1. Find the IP address for http://www.certifiedhacker.com/
2. Right click the windows icon at the lower-left corner of the screen
3. Click CMD from the context menu to launch
4. Type ping www.certifiedhacker.com/
5. Find maximum frame size on the network
6. Type ping www.certifiedhacker.com -f -l 1500
7. The response, Packet needs to be fragmented but DF set, means that the frame is too large
to be on the network and needs to be fragmented.
8. Type ping www.certifiedhacker.com -f -l 1300
9. Try different values until you find the maximum frame size. For instance:
ping www.certifiedhacker.com -f -l 1472
10. ping www.certifiedhacker.com -f -l 1473
11. Now, find out what happens when the TTL (Time to Live) expires. Every frame on the
network has a TTL defined. If the TTL reaches 0, the router discards the packet. Type ping
www.certifiedhacker.com -i 3
12. It means that the router discarded the frame because its TTL has expired (reached 0).
13. Find the traceroute from your PC to www.certifiedhacker.com using the tracert
command. Type tracert www.certifiedhacker.com.
14. In a new command prompt, type ping www.certifiedhacker.com -i 2 -n 1
15. Type ping www.certifiedhacker.com -i 3 -n 1. This sets the TTL value to 3
16. Type ping www.certifiedhacker.com -i 4 -n 1. This sets the TTL value to 4
17. Repeat until the reply comes from the target IP address (162.241.216.11). Here the successful
ping reaches the IP address at 19 hops
18. In a new command prompt, type nslookup
19. Type set type=a. Then type the target domain www.certifiedhacker.com
20. Type set type=cname and the domain certifiedhacker.com
21. Issue the command set type=a and then ns1.bluehost.com
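Steps 5 to 10 above find the largest unfragmented frame by trying payload sizes by hand. The following is an added example, not part of the lab report, that turns that trial-and-error into a binary search. It assumes the Windows ping semantics used in the lab: -l sets the ICMP payload length, and the 20-byte IPv4 header plus 8-byte ICMP header are added on top, so the largest payload that passes with -f plus 28 equals the path MTU. The simulated probe is constructed so the search can be run offline; the real probe only runs if you call it yourself against a host you are allowed to ping.

```python
# Added example (not from the lab report): binary search for the largest
# ICMP payload that passes with the Don't Fragment flag set, as done by
# hand with "ping -f -l <size>" in steps 5-10.
import subprocess

IP_HEADER = 20    # IPv4 header bytes
ICMP_HEADER = 8   # ICMP echo header bytes
OVERHEAD = IP_HEADER + ICMP_HEADER  # 28 bytes added on top of -l payload


def make_simulated_probe(path_mtu):
    """Build a probe that behaves like a link with the given path MTU.
    Constructed stand-in for a real ping so the search runs offline."""
    def probe(payload):
        return payload + OVERHEAD <= path_mtu
    return probe


def windows_ping_probe(host):
    """Probe using the real Windows 'ping -f -l <size> -n 1' command
    (assumption: Windows ping output strings; not run automatically)."""
    def probe(payload):
        cmd = ["ping", host, "-f", "-l", str(payload), "-n", "1"]
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        # A fragmentation message or no reply means this payload is too big.
        return "needs to be fragmented" not in out and "Reply from" in out
    return probe


def find_max_payload(probe, lo=0, hi=65500):
    """Largest payload for which probe() succeeds. Assumes monotonic
    behaviour: every size below the limit passes, every size above fails.
    Returns None if even the smallest payload fails."""
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2   # bias upward so the loop terminates
        if probe(mid):
            lo = mid               # mid passed; answer is mid or larger
        else:
            hi = mid - 1           # mid fragmented; answer is smaller
    return lo


def path_mtu_from_payload(payload):
    """Convert the largest passing -l payload into the path MTU."""
    return payload + OVERHEAD


if __name__ == "__main__":
    # Offline demonstration on a simulated 1500-byte Ethernet path.
    best = find_max_payload(make_simulated_probe(1500))
    print("largest unfragmented payload:", best)          # 1472
    print("path MTU:", path_mtu_from_payload(best))      # 1500
```

The binary search needs about 17 probes to cover the whole 0 to 65500 range, versus the dozens of manual tries the lab steps imply; with the 1472 result from the lab, the path MTU works out to 1472 + 28 = 1500 bytes.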
Chapter 3 – Gathering Personal Information using Online People Search Services
1. Type https://peekyou.com in browser
2. Search Oprah Winfrey
3. This will show images, career, social media, etc.
4. Find location
Chapter 5 – Collecting Information about a Target Website Using Firebug
1. Open Firefox browser
2. Type http://www.moviescope.com in the address bar
3. Click the Firebug add-on at the top-right corner to enable the Firebug Control Panel
4. The Firebug panel appears at the lower end of the screen by default with the Console tab as
shown below
5. Click drop-down node from Security tab under Console. Check Warnings option
6. Press F5 on the keyboard to refresh webpage
7. The Security tab is under the Console section
8. Click the Inspector tab in the Firebug UI. The inspector section contains two tags: head
and body.
9. Expand these nodes and observe the script written to develop the webpage. Then view the
Layout tab
10. View the Fonts tab
11. The Style Editor tab provides the information of the CSS and Script of the HTML and
JavaScripts
12. Click the DOM tab. This tab contains scripts written in various web technologies
13. Now click the Network tab. This tab displays GET requests and responses
14. Under this tab click a GET request related to moviescope
15. Under the Headers tab, expand the Response header node
Chapter 7 – Mirroring a Website using HTTrack Web Site Copier
Web site mirroring creates a replica of an existing site. It allows you to download a website to a
local directory and analyze all of the directories, HTML, images, flash, videos and other files
from the server on your computer.
1. Navigate to http://www.httrack.com/page/2/ and double click httrack_x64-3.49.2.exe.
2. If the Open File – Security Warning pop-up appears, click Run.
3. Follow the wizard steps to install HTTrack Web Site Copier.
4. In the last step of the installation wizard, uncheck the View history.txt file option and click
Finish.
5. The WinHTTrack Website Copier main window appears. Click OK and then click
Next to create a New Project.
Note: If the application doesn’t launch, you can launch it manually from the Apps screen.
6. Enter the name of the project in the New project name field. Select the Base path to
store the copied files. Click Next.
7. Enter www.certifiedhacker.com in the Web Addresses: (URL) field and click Set
options.
8. Click the Set options button to launch the WinHTTrack window.
9. Click the Scan Rules tab and select the check boxes for the file types as shown in the
following screenshot, then click OK.
10. Click Next.
11. By default, the radio button will be selected for Please adjust connection parameters if
necessary, then press FINISH to launch the mirroring operation and check
Disconnect when finished.
12. Click Finish, to start mirroring the website.
13. Site mirroring progress will be displayed as in the following screenshot:
14. WinHTTrack displays the message Mirroring operation complete, once the site
mirroring is completed. Click Browse Mirrored Website.
15. The mirrored website for www.certifiedhacker.com launches. The URL displayed in the
address bar indicates that the website’s image is stored on the local machine.
Note: If the webpage does not open, navigate to the directory where you mirrored the website
and open index.html with any browser.
16. Some websites are very large and it might take a long time to mirror the complete site.
17. If you wish to stop the mirroring in progress, Click Cancel on the Site mirroring progress
window.
18. The site will work like a live hosted website.
Chapter 9 – Gathering IP and Domain Name Information using Whois Lookup
The WHOIS database is a searchable list of every domain currently registered. Whois Lookup
reveals who owns a particular domain name.
1. Navigate to and double-click setup.exe.
2. If the Open File – Security Warning pop-up appears, click Run.
3. The Welcome wizard appears; click Next.
4. Follow the wizard step (by choosing default options) to install SmartWhois.
5. In the Optional Components window, uncheck all options and click Next.
6. The SmartWhois Setup dialog box appears. Click Yes.
7. Launch SmartWhois from the Apps screen.
8. The SmartWhois application updates pop-up appears. Click No.
9. The SmartWhois main window appears. Type an IP address, hostname, or domain name
in the IP, host or domain text field. An example of a domain name query is shown below
for www.google.com.
10. Click the Query drop-down list and select As Domain.
Note: To query an IP address or hostname, select As IP / Hostname. To query a domain
name, select As Domain.
11. The domain displays in the left pane and the result of the query displays in the right pane,
as shown in the following screenshot:
Note: The IP address displayed in the result may vary in your lab environment.
12. Click the Clear icon in the toolbar to clear the history.
13. To perform a sample host name query, type www.facebook.com in the IP, host or
domain text field.
14. Click the Query drop-down list and choose As IP address / Hostname.
15. In the left pane, the resultant query displays, and the right pane displays the results of
your query, as shown in the following screenshot:
Note: This result may vary in your environment.
16. Click the Clear icon in the toolbar to clear the history.
17. To perform a sample IP Address query, enter the IP address of the Windows 10 virtual
machine, i.e., 10.10.10.10, in the IP, host or domain text field and click Query.
Note: 10.10.10.10 is the IP address of Windows 10 virtual machine. The IP address of this
machine may differ in your lab environment.
18. The IP address displays in the left pane and the result of your query displays in the right
pane, as shown in the following screenshot:
Chapter 11 – Footprinting a Target using Maltego
Maltego is a footprinting tool used to gather maximum information for the purposes of ethical
hacking, forensics and pen testing. It provides a library of transforms for discovering data
from open sources and visualizing that information in a graph format suitable for link analysis
and data mining.
1. Install Maltego by double-clicking the downloaded application.
2. Then, on the Product Selection page, click Run from Maltego CE (Free)
3. Next, you will be directed to the Login page; register first if you don't have a Maltego
account.
4. Register an account and then activate it.
5. Then log in again using the account that was previously registered.
6. The details of the personal data entered will appear. Click Next.
7. The Install Transform section appears. Leave the section to default and click Next.
8. The Help Improve Maltego section appears. Leave the section to default and click Next.
9. Then click Next for each configuration until Finish.
10. The Maltego GUI appears; select the button shown in the picture to start a new graph.
11. Click Palette > Infrastructure > drag Website into a blank work page.
12. Change the value of the website entity to the target (www.certifiedhacker.com)
13. Right click > Run Transform > All Transforms > To Server Technologies [Website].
Maltego begins to run the transform to find the technologies used by the target. After
the process is complete, the technologies used by the target will appear.
14. There is a lot of information that can be obtained from this Maltego application, such as
the location of the target's server hosting, the subdomains of the target, the email and
mobile number listed on the website, and much other information, for example via:
▪ To Domains [DNS]
▪ To DNS Names [within Properties]
▪ To IP Address [DNS]
15. Then do the same thing as before, but with a different target.
Chapter 13 – Using Open-Source Reconnaissance Tool Recon-ng to Gather
Personnel Information
1. Launch Kali Linux and login to it using the credentials: root/toor
2. Launch a command line terminal
3. Type the command recon-ng and press enter to launch the app.
4. After that, type "workspaces create reconnaissance" to create a workspace.
5. Then type "marketplace install recon/domains-contacts/whois_pocs" to install the
whois_pocs module
6. Type "modules load recon/domains-contacts/whois_pocs". This module uses ARIN
Whois RWS POC data
7. Type info to see the options required to run the module
8. Type "options set SOURCE facebook.com" to set facebook.com as the source domain
9. After that, type "run"
10. To return, type "back"
11. Then type “marketplace install recon/profiles-profiles/namechk”
12. Then type "modules load recon/profiles-profiles/namechk" to load the module.
13. Type "options set SOURCE Mark Zuckerberg" to set Mark Zuckerberg as the source to find
user existence on specific websites.
14. To return, type "back"
15. Type “marketplace install profiler”
16. Type "modules load recon/profiles-profiles/profiler"
17. Type "options set SOURCE MarkZuckerberg"
18. Then type "run"
19. To return, type "back"
20. After that, type "marketplace install recon/reporting/html"
21. Type "modules load reporting/html"
22. Set the file name by typing "options set FILENAME Reconnaissance.html"
23. Set the name of the creator by typing "options set CREATOR Jason"
24. Set the customer name by typing "options set CUSTOMER Mark Zuckerberg"
25. After that, type "run"; the report will be generated in the Reconnaissance.html file
The Reconnaissance.html file can then be seen in File manager → File system → usr →
share → recon-ng
The following is the contents of the Reconnaissance.html file
Chapter 15 – Automated Fingerprinting of an Organization using FOCA
1. Launch FOCA by double-clicking FOCA.exe.
2. Create a new project by navigating to Project on the menu bar and clicking New Project.
3. The FOCA new project wizard appears as shown in the screenshot below:
a. Enter a Project name in Project name field.
b. Enter domain website in Domain website field.
c. You can leave the optional Alternative domains field empty.
4. Click Folder to save the document that is extracted by FOCA in the Folder where save
documents field, leave the other settings to default, and click Create.
5. Project Saved successfully pop-up appears. Click OK.
6. To extract the information of the targeted domain, select the search engines and click
Search All.
7. The Search All button automatically toggles to the Stop button and you can see the result in
the lower panes.
8. Now that the file information for the domain is stored, you can view it. To view the
information, right-click the file and click Link → Open in browser from the context
menu.
9. You have now extracted the files from the domain by using FOCA. Close the web
browser.
10. Click Network node in the left pane of the window to view the network structure.
11. If the domain has any associated Clients or Servers, it displays the related
information.
Note: In this lab the domain we used doesn't have associated clients or servers.
12. Expand the Domains node and it displays the Domain IP Address.
13. Expand the Roles node, right-click on Https, and click HTTP(s) Fingerprinting from the
context menu to fingerprint the site or domain → www.eccouncil.org
14. Expand the Https node and click Domain to see the IIS version installed in the server in
the right pane → www.eccouncil.org
Chapter 17 – Information Gathering Using Metasploit
1. Log in to the Kali Linux machine and open a terminal window
2. Type "service postgresql start"
3. Type "msfconsole"
4. Type db_status
5. Because it is not connected, type exit and then type "msfdb init"
6. Then restart postgresql by typing "postgresql restart" and type "msfconsole" again
7. Type db_status and hit enter
8. Type nmap -Pn -sS -A -oX Test 10.10.10.0/24 and hit enter
9. The scanning results will then be displayed; the scan will take approximately 2 hours
10. Type db_import Test and press enter to import the Nmap results into the database
11. Type "hosts" and press enter to see the hosts and details discovered by Nmap
12. Now scan the Windows Server 2016 machine by typing "db_nmap -sS -A 10.10.10.16" and
press enter.
13. Type services or db_services and press enter to get a list of services run by the host.
14. Type search portscan and press enter to see the port scanning modules in Metasploit.
15. Type use scanner/portscan/syn and press enter
16. Type show options and press enter
17. Type set RHOSTS 10.10.10.12 and press enter
18. Type set THREADS 100 and press enter
19. Type run and press enter
20. Metasploit will start to find the OS_flavor through this module