©2011-BR
CEH - FOOTPRINTING
Configuration:
         Your machine is BT3, running Backtrack 3.
         The IP address of your machine is from DHCP.
         Your target company/website is icq.com
Objectives:
         Gather as many ICQ.com server names as possible with minimal traffic
         generation. While browsing the ICQ site, you notice that their main page contains
         links to many of their services, which are located on different servers.
Tools:
         Linux BASH text manipulation in order to extract all the server names from the ICQ
         main page.
Preparation:
         Ensure that BT3 is connected to the internet.
         - Set the VMware interface configuration to NAT
         - On the BT3 virtual machine, login using username : root, password : toor
         - Automatically obtain TCP/IP settings from the VMware DHCP server.
              bt ~ # dhcpcd -G <VMWare NAT gateway IP> eth0
Detailed Steps:
1. On the BT3 virtual machine, login using username : root, password : toor
           bt ~ # wget http://www.icq.com
           --14:43:59-- http://www.icq.com/
           => `index.html'
           Connecting to www.icq.com:80... connected.
           HTTP request sent, awaiting response... 200 OK
           Length: 58,132 (57K) [text/html]
           100%[==========================================>] 58,132 --.--K/s
           14:43:59 (307.79 MB/s) - `index.html' saved [58132/58132]
2. Extract the lines containing the string "href=", which indicates that the line contains an
   HTTP link.
          bt ~ # grep "href=" index.html
3. If we split each of these lines using a "/" delimiter, the 3rd field should contain our
   server name.
          bt ~ # grep "href=" index.html | cut -d "/" -f3
4. We'll grep out all the non-relevant lines. While we're at it, we'll also sort the list
   and remove duplicate entries.
           bt ~ # grep "href=" index.html | cut -d"/" -f3 | grep icq.com | sort -u
5. We'll continue with this example in order to demonstrate some other useful
   scripting features. Now that you have the FQDNs for these servers, you are
   tasked with finding out the IP addresses of these servers. Using a simple BASH
   script and a loop, this task becomes a piece of cake. We basically want to issue
   the host command for each FQDN found.
   Let's start by outputting the server list into a text file.
           bt ~ # grep "href=" index.html | cut -d"/" -f3 | grep icq.com | sort -u > icq-srv.txt
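The pipeline in steps 2 to 5 assumes one link per line and an absolute URL, so field 3 after splitting on "/" is the host. The following script is an added example, not part of the original lab: it runs the lab's pipeline and a sturdier variant (grep -o on every href value) against a small constructed HTML snippet with invented example.com/example.net hostnames, so it works offline and shows where the one-link-per-line assumption loses servers.

```shell
#!/bin/bash
# Added example (not from the original lab). Hostnames and HTML are constructed.

# Constructed sample page: several absolute links, one relative link, and a
# line with two links on it (which breaks the "field 3 is the host" assumption).
SAMPLE_HTML='<a href="http://www.example.com/">Home</a> <a href="http://mail.example.com/inbox">Mail</a>
<a href="/about">About</a>
<link href="https://static.example.com/css/main.css" rel="stylesheet">
<a href="http://www.example.com/help">Help</a>
<a href="http://cdn.example.net/img.png">Image</a>'

# The lab's pipeline (steps 2-5): keep lines with href=, split on "/", take
# field 3, keep only the target domain, sort and de-duplicate.
lab_extract() {
    grep "href=" | cut -d"/" -f3 | grep "example.com" | sort -u
}

# Sturdier variant: grep -o prints every matching href value on its own line,
# so two links on one line both survive; relative links (no scheme) are
# skipped because they carry no host component at all.
robust_extract() {
    grep -o 'href="http[s]*://[^/"]*' | cut -d"/" -f3 | grep "example.com" | sort -u
}

# Number of unique server names found, for comparing the two approaches.
count_lines() {
    wc -l | tr -d ' '
}

echo "--- lab pipeline (misses mail.example.com) ---"
printf '%s\n' "$SAMPLE_HTML" | lab_extract
echo "--- grep -o pipeline ---"
printf '%s\n' "$SAMPLE_HTML" | robust_extract
```

Against the constructed page the lab pipeline returns two names and the grep -o variant three; the missing one is the second link on the first line, which `cut -f3` can never see. Against a real saved index.html, replace the "example.com" filter with the target domain as in step 4.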
6. We can now write a short script which reads icq-srv.txt and executes the
   host command for each line. Use your favorite text editor to write this script
   (findicq.sh):
           #!/bin/bash
           # Resolve every server name listed in icq-srv.txt, one per line.
           for hostname in $(cat icq-srv.txt); do
               host $hostname
           done
7. Run the script
           bt ~ # chmod 755 findicq.sh
           bt ~ # ./findicq.sh
8. Let's filter all the lines that contain the string "has address":
           #!/bin/bash
           # Resolve each name, keeping only the A-record lines from host's output.
           for hostname in $(cat icq-srv.txt); do
               host $hostname | grep "has address"
           done
9. Our last task in this exercise is to get the IP addresses of these servers, again
   by using BASH text manipulation.
           bt ~ # ./findicq.sh > icq-ips.txt
           bt ~ # cat icq-ips.txt | cut -d" " -f4 | sort -u
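Steps 6 to 9 depend on the exact layout of host's output: "has address" selects the A records, and field 4 of those lines is the IPv4 address, while alias, MX, IPv6 and NXDOMAIN lines must be dropped. The script below is an added example, not the lab's findicq.sh: it replaces the real host command with a constructed stand-in (fake_host) that prints those line types for invented example.com names, so the loop and the field-4 extraction can be run and checked offline. It also uses a while-read loop instead of for/cat, and tolerates names that return no A record, which would otherwise make grep exit non-zero.

```shell
#!/bin/bash
# Added example (not from the original lab). Resolver output is constructed.

# Constructed stand-in for the real `host` command. Each case mirrors a line
# type that host really prints: CNAME alias, A record, AAAA record, MX, NXDOMAIN.
fake_host() {
    case "$1" in
        www.example.com)
            echo "www.example.com is an alias for web.example.com."
            echo "web.example.com has address 192.0.2.10"
            echo "web.example.com has address 192.0.2.11"
            echo "web.example.com has IPv6 address 2001:db8::10" ;;
        mail.example.com)
            echo "mail.example.com has address 192.0.2.10"
            echo "mail.example.com mail is handled by 10 mx.example.com." ;;
        static.example.com)
            echo "static.example.com has address 198.51.100.5" ;;
        *)
            echo "Host $1 not found: 3(NXDOMAIN)" ;;
    esac
}

# Steps 6 and 8: read server names from stdin (the icq-srv.txt equivalent) and
# keep only the "has address" lines. $1 names the resolver so the same loop
# runs with the real `host` binary: resolve_list host < icq-srv.txt
resolve_list() {
    resolver="$1"
    while read -r hostname; do
        [ -n "$hostname" ] || continue
        # grep exits 1 when a name has no A record; "|| :" keeps a set -e
        # script from aborting on the first unresolvable server.
        "$resolver" "$hostname" | grep "has address" || :
    done
}

# Step 9: in "<name> has address <ip>" the address is field 4.
ips_from_host_output() {
    cut -d" " -f4 | sort -u
}

# Constructed server list, standing in for icq-srv.txt.
SERVER_LIST="www.example.com
mail.example.com
static.example.com
gone.example.com"

echo "--- filtered resolver output ---"
printf '%s\n' "$SERVER_LIST" | resolve_list fake_host
echo "--- unique IPv4 addresses ---"
printf '%s\n' "$SERVER_LIST" | resolve_list fake_host | ips_from_host_output
```

Two hosts sharing 192.0.2.10 collapse to one entry because of `sort -u`, which is what step 9 intends; the IPv6 record does not match "has address" and so is not mixed into the IPv4 list. With the real resolver, `sort -u` sorts addresses as text, so use `sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u` if numerical order matters.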