Lab 3
People Search Using the AnyWho Online Tool
A_nyWho is an online white pages people search directoryfor quickly looking up individualphone numbers.
Lab Scenario
You have already learned that the first stage in penetration testing is to gather as much information as possible. 111 the previous lab, you were able to find information related to DNS records using the nslookup tool. If an attacker discovers a flaw 111 a DNS server, he or she will exploit the flaw to perform a cache poisoning attack, making die server cache the incorrect entries locally and serve them to other users that make the same request. As a penetration tester, you must always be cautious and take preventive measures against attacks targeted at a name server by securely configuring name servers to reduce the attacker's ability to cormpt a zone hie with the amplification record.
To begin a penetration test it is also important to gather information about a user location to intrude into the user’s organization successfully. 111 tins particular lab, we will learn how to locate a client or user location using die AnyWho online tool.
Lab Objectives
The objective of tins lab is to demonstrate the footprinting technique to collect confidential information on an organization, such as then: key personnel and then־ contact details, usnig people search services. Students need to perform people search and phone number lookup usnig http: / /www.a11ywho.com.
Lab Environment
111 the lab, you need:
■ A web browser with an Internet comiection
■ Admnnstrative privileges to run tools
■ Tins lab will work 111 the CEH lab environment - on Windows Server
2012. Windows 8 , Windows Server 2008. and Windows 7
Lab Duration
Tune: 5 ]\ luiutes
Overview of AnyWho
AnyWho is a part ot the ATTi family ot brands, which mostly tocuses 011 local searches tor products and services. The site lists information from the White Pages (Find a Person/Reverse Lookup) and the Yellow Pages (Find a Business).
Lab Tasks
1. Launch Start menu by hovering the mouse cursor 011 the lower-left corner of the desktop
 |
| FIGURE 3.1: Windows Server 2012 — Desktop view |
 |
| FIGURE 3.2: Windows Server 2012—Apps |
 |
| FIGURE 3.3: AnyWho - Home Page http://www.anywho.com |
4. Input die name of die person you want to search for in die Find a Person section and click Find
 |
| FIGURE 3.4: AnyWho—Name Search |
 |
| FIGURE 3.5: AnyWho People Search Results |
6. Click die search results to see the address details and phone number of that person
 |
| FIGURE 3.6: AnyWho - Detail Search Result of Rose A Christian |
7. Sinulady, perform a reverse search by giving phone number or address 111 die Reverse Lookup held
 |
| FIGURE 3.7: AnyWho Reverse Lookup Page |
 |
| FIGURE 3.8: AnyWho - Re\*e1se Lookup Search Result |
Lab Analysis
Analyze and document all the results discovered 111 die lab exercise
Questions
1. Can vou collect all the contact details of the key people of any organization?
2. Can you remove your residential listing? It yes, how?
3. It you have an unpublished listing, why does your information show up in AnyWho?
4. Can you tind a person in AnyWho that you know has been at the same location for a year or less? If yes, how?
5. How can a listing be removed from AnyWho?
Không có nhận xét nào:
Đăng nhận xét