Footprinting is an essential part of hacking. It's like casing a store before the robbery. None of it is illegal, but the information could be used in the wrong ways. To start with, you need to become familiar with a program called nslookup. This program lets you look at services and even some personal information.

But first, we will look at legitimate sites that can help us. These sites allow you to do WHOIS lookups on domains (e.g. yahoo.com). When targeting a corporate or personal site, this information can be very useful. First, go to www.1accredited.com to search for a site that has a .com domain in the U.S. (other sites cover domains in different countries). Go to the WHOIS section and type in the name of the site, excluding the www., and a series of information will come up. Let's see what comes up if we type in miltonhighschool.com at the prompt on the 1accredited.com site. We get...
Registrant:
Milton High School (MILTONHIGHSCHOOL-DOM)
86 School Dr.
Alpharetta, GA 30004
US
Domain Name: MILTONHIGHSCHOOL.COM
Administrative Contact:
Jones, Sin (SJL152) jonessg@FULTON.K12.GA.US
Milton High School
86 School Dr.
Alpharetta, GA 30004
US
(770) 740-7000 fax: 999 999 9999
Technical Contact:
AISO.net (SA2831-ORG) domains@AISO.NET
28151 Celia Road
Murrieta, CA 92563
US
909-698-8427 fax: 909-696-0132
Record expires on 23-Nov-2008.
Record created on 15-Oct-2002.
Database last updated on 10-Jun-2003 11:52:24 EDT.
Domain servers in listed order:
WEB1.AISO.NET 209.101.60.2
WEB2.AISO.NET 209.101.60.3
This is an extraordinary amount of information, just from typing in a site name. We get a mailing address, most likely a work phone number, an e-mail address (most likely a work address), maybe a work fax, and, most important, the administrative servers that the site itself is located on. These servers are WEB1.AISO.NET (209.101.60.2) and WEB2.AISO.NET (209.101.60.3), which are always located at the very end.

We can do a number of things with this, but for now we will just use a program called nslookup. To open nslookup, just type it into your shell (for those of you using Windows, or a different flavor of Linux, just open up a command prompt and type in nslookup). After it is open, we will go through a series of steps to find out more about the computer, and not necessarily so much about the person. When prompted, type "server 209.101.60.3" without the quotes. This will change your computer's nslookup server from your default ISP server to the new target's server. Next, at the prompt, type in "ls -d miltonhighschool.com" and hit enter. This will give you more information about the computer. Let's look at what we are given.
> ls -d miltonhighschool.com
[web2.aiso.net]
miltonhighschool.com. SOA web1.aiso.net domains.aiso.net. (2002050200 10800 3600 604800 10800)
miltonhighschool.com. NS web1.aiso.net
miltonhighschool.com. NS web2.aiso.net
miltonhighschool.com. MX 1 mail1.youronlinemailman.com
miltonhighschool.com. A 209.101.60.11
mail CNAME mail1.youronlinemailman.com
www CNAME miltonhighschool.com
miltonhighschool.com. SOA web1.aiso.net domains.aiso.net. (2002050200 10800 3600 604800 10800)
Interesting enough. We see the two original servers, but we also see servers affiliated with miltonhighschool.com, which can also be services. We see a mail server, mail1.youronlinemailman.com, which may be a loophole if it isn't patched. If you want, you can systematically go and find all of the servers and computers connected, but the mail server is probably enough to get inside this computer structure. Telnet to the mail server on port 25, and see its version. Go to packetstorm, download an exploit, and the last decision is yours.

On personal websites, information like this can most likely be taken and used to scare that person in the worst way. I'm afraid that I just helped stalkers all over the world, but this information is more for getting a password by calling the company up and making up a story about how the administrator, in this case Sin Jones, forgot to give you your password. Be paranoid and always call from a pay phone, maybe a block away. As long as your story sounds real, you will be O.K. and walk away with an administrator password. Good luck, and happy hunting.
- what
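
The "ls -d" listing above is a zone transfer, and a name server that answers it for any client hands out the whole zone. As an added example (not part of the original tutorial), this Python code parses a listing in that format so a zone's operator can tally what it discloses: in-zone hosts, addresses, name and mail servers run by third parties, and the hostmaster mailbox from the SOA record. The function names and the FIELD table are this example's own, and the sample input is constructed from the listing above with the SOA record wrapped across two lines.

```python
# Added example, not the page's code. LISTING is constructed sample input.
LISTING = """\
[web2.aiso.net]
miltonhighschool.com. SOA web1.aiso.net domains.aiso.net. (20020502
00 10800 3600 604800 10800)
miltonhighschool.com. NS web1.aiso.net
miltonhighschool.com. NS web2.aiso.net
miltonhighschool.com. MX 1 mail1.youronlinemailman.com
miltonhighschool.com. A 209.101.60.11
mail CNAME mail1.youronlinemailman.com
www CNAME miltonhighschool.com
"""
FIELD = {"SOA": 0, "NS": 0, "MX": 1, "CNAME": 0, "A": 0}  # index of host/address in rdata

def parse_listing(text, origin):
    """Return (owner, type, rdata) tuples with fully qualified owner names."""
    origin = origin.rstrip(".").lower()
    records, pending = [], ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in ">[":  # prompt echo or server banner
            continue
        if line.count("(") > line.count(")"):  # wrapped record: wait for ")"
            pending = line  # a hard wrap can split the serial, so no space is added
            continue
        fields = line.replace("(", " ").replace(")", " ").lower().split()
        need = FIELD.get(fields[1].upper()) if len(fields) > 2 else None
        if need is None or len(fields) < need + 3:  # unknown type or truncated data
            continue
        # Owners without a trailing dot are relative to the zone (mail, www).
        owner = fields[0][:-1] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
        records.append((owner, fields[1].upper(), [f.rstrip(".") for f in fields[2:]]))
    return records

def exposure(records, origin):
    """Summarise what the listing discloses to anyone allowed to transfer the zone."""
    origin = origin.rstrip(".").lower()
    out = {"hosts": set(), "addresses": set(), "external": set(), "contact": None}
    for owner, rtype, rdata in records:
        out["hosts"].add(owner)
        value = rdata[FIELD[rtype]]
        if rtype == "A":
            out["addresses"].add(value)
        elif value != origin and not value.endswith("." + origin):
            out["external"].add(value)  # service operated outside the zone
        if rtype == "SOA" and len(rdata) > 1:  # RNAME: first label is the mailbox name
            local, _, domain = rdata[1].partition(".")
            out["contact"] = f"{local}@{domain}"
    return out
```

Restricting zone transfers to the zone's own secondary name servers keeps this listing from being returned to arbitrary clients.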