
How to Trace Location

Tracing the Location

You would need to know the IP address of the webserver in order to trace the exact location. There
are several methods to figure it out. We will use the simplest one, that is, the ping command. The ping
command sends ICMP echo requests to check whether the website is up. It’s used for network troubleshooting purposes.



From your command line, type the following: ping www.techlotips.com

The output would be as follows:
C:\Users\ Rafay Baloch>ping www.techlotips.com
Pinging techlotips.com [50.22.81.62] with 32 bytes of data:
Reply from 50.22.81.62: bytes = 32 time = 304ms TTL = 47
Reply from 50.22.81.62: bytes = 32 time = 282ms TTL = 47
Reply from 50.22.81.62: bytes = 32 time = 291ms TTL = 47
Reply from 50.22.81.62: bytes = 32 time = 297ms TTL = 47

So we now know that the IP address of our target is 50.22.81.62. After determining the webserver’s
IP, we can use some online tools to track the exact location of the webserver. One such tool
is IPTracer, which is available at http://www.ip-adress.com/ip_tracer/yourip
Just replace “yourip” with your target’s IP, and it will show you the exact location of the webserver
via Google Maps.

From “www.ip-address.com/ip_tracer/50.22.81.62”

Traceroute
Traceroute is a very popular utility available in both Windows and Linux. It is used for network
orientation. By network orientation I don’t mean scanning a host for open ports or scanning for
services running on a port. It means to figure out how the network topology, firewalls, load balancers,
and control points, etc. are implemented on the network.

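Traceroute uses the TTL (time to live) field of the IP header: it sends packets with an increasing
TTL value in order to determine where the system is. The TTL value decreases by one every time the
packet reaches a hop on the network (i.e. router to server is one hop). When the TTL reaches zero,
the router discards the packet and returns an ICMP Time Exceeded message, which reveals that hop’s address.
There are three different types of traceroutes: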

1. ICMP traceroute (which is used in Windows by default)
2. TCP traceroute
3. UDP traceroute

ICMP Traceroute

Microsoft Windows by default uses ICMP traceroute; however, after a few hops, you will get a
timeout, which indicates that there might be a device such as an IDS or a firewall that is blocking ICMP
echo requests.
From this image you can see that the ICMP echo requests time out after seven requests.
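
The TTL mechanism and the timeouts described above can be reproduced offline. The following Python simulation is an added example, not part of the original article; the hop addresses and the filtering device that silently drops ICMP probes are constructed assumptions.

```python
# Added illustration: simulate how traceroute discovers hops via TTL.
# All addresses are constructed (RFC 5737 documentation ranges).
from dataclasses import dataclass, field

@dataclass
class Hop:
    addr: str
    drops: set = field(default_factory=set)  # probe types silently dropped here

# Constructed path: three routers, a filter that drops ICMP probes, the server.
PATH = [
    Hop("192.0.2.1"),
    Hop("192.0.2.2"),
    Hop("198.51.100.1"),
    Hop("198.51.100.254", drops={"icmp"}),   # assumed firewall/IDS-style filter
    Hop("203.0.113.10"),                     # destination web server
]

def send_probe(path, ttl, probe):
    """Forward one probe with the given initial TTL; return (reply_type, addr)."""
    for i, hop in enumerate(path):
        if probe in hop.drops:
            return ("timeout", None)            # dropped silently: sender sees '*'
        if i == len(path) - 1:
            return ("reached", hop.addr)        # destination answers the probe
        ttl -= 1                                # each router decrements the TTL
        if ttl == 0:
            return ("time-exceeded", hop.addr)  # router discards, reports itself
    return ("timeout", None)

def traceroute(path, probe, max_hops=8):
    """Send probes with TTL 1, 2, 3, ... and collect one result per TTL."""
    results = []
    for ttl in range(1, max_hops + 1):
        kind, addr = send_probe(path, ttl, probe)
        results.append(addr if addr else "*")
        if kind == "reached":
            break
    return results

if __name__ == "__main__":
    for probe in ("icmp", "tcp"):
        print(probe, traceroute(PATH, probe))
```

With the ICMP probe the trace stops listing hops at the filter and shows only timeouts afterwards, while the TCP probe lists every hop up to the server.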

TCP Traceroute
Many devices are configured to block ICMP traceroutes. This is where we try TCP or UDP traceroutes,
also known as layer 4 traceroutes. TCP traceroute is by default available in BackTrack. If
you can’t find it, just use the following command:
apt-get install tcptraceroute

Usage
From the command line, you would need to issue the following command:
tcptraceroute www.google.com

UDP Traceroute
Linux also has a traceroute utility, but unlike Windows, it uses the UDP protocol for the traceroute.
In Windows, the command for traceroute is “tracert”. In Linux, it’s “traceroute”.

Usage
traceroute www.target.com

NeoTrace
NeoTrace is a very fine GUI-based tool for mapping out a network.

Cheops-ng
Cheops-ng is another remarkable tool for tracing and fingerprinting a network. This image speaks
a thousand words.

Enumerating and Fingerprinting the Webservers

For successful target enumeration, it’s necessary for us to figure out what webserver is running at
the back end. In this section, we will look at both active and passive information gathering methods.
As a reminder, in active information gathering, we directly interact with the target; in passive
information gathering, we do not interact with the target, but use the information available on the
web in order to obtain details about the target.

Intercepting a Response
The first thing you should probably try is to send an HTTP request to a webserver and intercept the
response. HTTP responses normally reveal the webserver version of many websites. For that purpose,
you would need a web proxy such as Burp Suite, Paros, or WebScarab.

Let’s try to find out the name and version of the webserver running behind ptcl.com.pk by trapping
a response with Burp Suite by following these steps:

Step 1—First, download the free version of Burp Suite from the following website: http://portswigger.net/burp/
Step 2—Next, install Burp Suite and launch it.
Step 3—Next, open Firefox.
Note: You can use any browser, but I would recommend Firefox. Go to Tools → Options →
Advanced → Network → Settings.
Step 4—Click on “Manual Proxy configuration”, insert the information given in the following
screenshot, and click “Ok”.

Step 5—Next, open up Burp Suite again, navigate to the “proxy” tab, click on the “intercept”
tab, and click on “intercept is off” to turn it on.

Step 6—Next, from your Firefox browser, go to www.ptcl.com.pk and send an HTTP request by
refreshing the page. Make sure the intercept is turned on.
Step 7—Next, we would need to capture the HTTP response in order to view the banner information.
Intercepting the response is turned off by default, so we need to turn it on. For that
purpose, select the HTTP request and then right click on it, and under “do intercept”, click on
“response to this request.”

Step 8—Next, click on the “Forward” button to forward the HTTP request to the server. In a few
seconds, we will receive an HTTP response, revealing the HTTP server and its version. In this
case, it is Microsoft’s IIS 7.5.
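
The same banner check can be run from the defender’s side against responses from your own server. The following Python code is an added example, not from the original article: it parses a raw HTTP response and lists the headers that disclose server software or versions. The sample response is constructed; only the IIS 7.5 value comes from the text above, and the set of header names to audit is an assumption.

```python
# Added example: flag version-disclosing headers in a captured HTTP response.
import re

# Constructed response; only the Server value (IIS 7.5) comes from the article.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Server: Microsoft-IIS/7.5\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"X-AspNet-Version: 4.0.30319\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<html></html>"
)

# Assumed audit list: headers that commonly carry software banners.
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 7.5

def parse_headers(raw):
    """Return (status_line, [(name, value), ...]) from a raw HTTP response."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines without a colon
            headers.append((name.strip(), value.strip()))
    return lines[0], headers

def audit_banners(raw):
    """List banner headers present and the version string each one exposes."""
    _, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name.lower() in BANNER_HEADERS:
            match = VERSION_RE.search(value)
            findings.append({
                "header": name,
                "value": value,
                "version": match.group(0) if match else None,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_banners(SAMPLE_RESPONSE):
        print(finding)
```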
