Objective: The objective of the lab is to extract information about the target.
Machines Used:
- Windows 10
Applications/Methods/Tools Used:
Name: Fingerprinting (Active/Passive)
Objective: Gather information without direct interaction (passive) or with direct action (active).
Function: Use any means necessary to gather as much information as possible; you can be loud or quiet.
Commands and Options: Search engines, web services, social networks, website footprinting, email footprinting, Whois footprinting, DNS footprinting, network footprinting, recon tools.
Results: A map of the target
Precautions: Ensure all methods are in scope for the engagement. Do not access anything you do not have the right to access.
Countermeasures/Mitigation: Perform the same methods on your company. Log and monitor incoming requests. Keep up to date on the latest threats. Set alerts. Encrypt all traffic wherever possible. Do not allow social networks inside the company. Port security. Red team penetration tests. Email filtering.
Name: Google Dorking
Objective: Use Google to gather detailed information on a website.
Function: You can request specific information with Google-defined declarative searches.
Commands and Options: intitle:password | filetype:pdf | cache:www.example.com | inurl:login site:google.com
Results: Extract information that the webmaster might have hidden from the general public but forgot to completely secure.
Precautions: You may be accessing something illegal.
Countermeasures/Mitigation: Perform the same methods on your domain. Delete any old unnecessary information.
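The countermeasure above, as an added example that is not part of the original lab notes: a Python check that applies local approximations of the intitle:, filetype:, inurl: and site: operators to an inventory of your own pages, so old or sensitive pages can be found and removed. The inventory, the function names and the matching rules are constructed assumptions; a real search engine matches against its own index.

```python
from urllib.parse import urlparse

# Constructed inventory of our own pages, e.g. exported from a crawl or sitemap.
INVENTORY = [
    {"url": "https://www.example.com/login.php", "title": "Staff login"},
    {"url": "https://www.example.com/docs/handbook.pdf", "title": "Employee handbook"},
    {"url": "https://files.example.com/old/password-reset.html", "title": "Password reset help"},
    {"url": "https://www.example.com/about", "title": "About us"},
]

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _ext(url):
    # Extension of the last path segment, ignoring query string and fragment.
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

# Local approximations (an assumption) of the filtering operators listed above.
# cache: retrieves a stored copy rather than filtering results, so it is rejected.
OPERATORS = {
    "intitle": lambda page, v: v in page["title"].lower(),
    "inurl": lambda page, v: v in page["url"].lower(),
    "filetype": lambda page, v: _ext(page["url"]) == v,
    "site": lambda page, v: _host(page["url"]) == v or _host(page["url"]).endswith("." + v),
}

def parse_query(query):
    """Split 'op:value op:value' into (op, value) pairs; reject anything else."""
    terms = []
    for token in query.split():
        op, sep, value = token.partition(":")
        if not sep or not value or op.lower() not in OPERATORS:
            raise ValueError(f"unsupported term: {token!r}")
        terms.append((op.lower(), value.lower()))
    return terms

def audit(query, inventory=INVENTORY):
    """Return URLs in the inventory that satisfy every term of the query."""
    terms = parse_query(query)
    return [p["url"] for p in inventory if all(OPERATORS[op](p, v) for op, v in terms)]

if __name__ == "__main__":
    for q in ("intitle:password", "filetype:pdf", "inurl:login site:example.com"):
        print(q, "->", audit(q))
```

A term written with a space after the colon, such as "inurl: login", is rejected by parse_query instead of being silently treated as two terms.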
Name: Video Information Gathering
Objective: Use tools to gather information from posted videos.
Function: Gather metadata from a video URL, and use reverse image searching and video analysis with sites like:
- ezgif.com
- VideoReverser.com
- tineye.com
- images.search.yahoo.com
- citizenevidence.amnestyusa.org
Commands and Options: amnestyusa.org | reverse image searching
Results: Found cool information on little things that happen inside a video. Could use for getting a location, person’s name, time frame, etc.
Precautions: None really, they posted it online so it is public information.
Countermeasures/Mitigation: Be careful what you post online
Name: FTP Search engines
Objective: Find open FTP servers to transfer files to your host machine.
Function: Use online tools to gather information on open FTP databases.
Commands and Options: searchftps.net | globalfilesearch.com | freewareweb.com
Results: Found some good information on an open database.
Precautions: If you download anything, it may be laced with malware; the sites may be compromised when you visit them; the information you take may be confidential.
Countermeasures/Mitigation: Secure access to any FTP server.
Name: IoT search engines
Objective: Gather information from IoT search engines
Function: See whether any IoT devices are open from the internet, and what kind.
Commands and Options: Shodan.io | censys.io | thingful.net
Results: Open webcams, TVs, refrigerators
Precautions: You could end up doing something super illegal if you do not have the right to access the device.
Countermeasures/Mitigation: Secure any device connected to the internet. If it doesn’t need to be there, take it off. Change default passwords.