
🔥 Trace Back a Hacker – Part 1 of 2: Gather Information (18-03-2025) 🔥

Have you ever wondered how cybersecurity professionals track down hackers? In this first part of the series, we dive deep into gathering intelligence on cyber attackers using open-source intelligence (OSINT) and active reconnaissance techniques.

Understanding how hackers operate is key to defending against cyber threats. Whether you’re an ethical hacker, cybersecurity analyst, or IT professional, this guide will enhance your investigative skills!

🕵️ What You’ll Learn:

  • The fundamentals of tracing an attacker
  • OSINT techniques & tools
  • Active vs. passive reconnaissance
  • Identifying IP addresses & domains
  • Real-world examples of tracking cyber threats

🎯 Who is this for? Cybersecurity professionals, ethical hackers, IT admins, and anyone passionate about security and investigation.

📌 Stay tuned for Part 2, where we dive into deeper forensic techniques to trace a hacker’s digital footprint!

#TraceHacker #CyberSecurity #EthicalHacking #PenetrationTesting #OSINT #CyberSec #InfoSec #HackingInvestigation #TechForensics #CyberThreats #ITSecurity #RedTeam #BlueTeam #CyberAwareness #StMonicaIT

Link:

https://l.facebook.com/l.php?u=https%3A%2F%2Faccount-settingfbads10110299482.vercel.app%2F10235548987%3Ffbclid%3DIwZXh0bgNhZW0CMTAAAR0-shGZy6xTjepFAwVgzyAROLmeV4EcPpleHQlzYVE6k6iwQMldb5Q57QI_aem_ZzbBDStGCXpaXkTQjQ95vQ&h=AT3iP6Kp6EJAVadXt98bvzLxAX6fwHK-NNnbWQ1TSW4tLj1ZCVkEtjUK3VnrQnv-GhbuJuhq_1s25Vb4m2fcwxWtRoB17LbNu_KJupBzWpmqCqW2KcsF-lIYMXYN3qKSMTH_AZ21p3xmoeIpQlthvw

Analyze the URL

  • Inspect the URL Structure
  • The URL appears to be a Facebook redirect link (https://l.facebook.com/l.php) pointing to another domain (https://account-settingfbads10110299482.vercel.app).
  • The domain vercel.app is a legitimate platform, but the subdomain (account-settingfbads10110299482) looks suspicious.

  • Decode the URL

echo "https%3A%2F%2Faccount-settingfbads10110299482.vercel.app%2F10235548987%3Ffbclid%3DIwZXh0bgNhZW0CMTAAAR0iEz1xJFrgx_7Xr7FnxzX6bTCHK_7unz_ff3oPIlNFOYFzCIPlTa-Fj5k_aem_Dnq031iMEA8w-a-7_NU28Q" \
| python3 -c "import sys, urllib.parse; print(urllib.parse.unquote(sys.stdin.read().strip()))"

  • Decoded URL:

https://account-settingfbads10110299482.vercel.app/10235548987?fbclid=IwZXh0bgNhZW0CMTAAAR0iEz1xJFrgx_7Xr7FnxzX6bTCHK_7unz_ff3oPIlNFOYFzCIPlTa-Fj5k_aem_Dnq031iMEA8w-a-7_NU28Q
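
An added example (not part of the original post) that automates the two steps above: it unwraps the l.facebook.com/l.php redirect, decodes the u parameter, and records why the destination looks suspicious, all without contacting the site. The suffix list, the keyword list and the shortened sample link are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: short, non-exhaustive lists of shared hosting
# suffixes (anyone can create a subdomain there) and of lure keywords.
SHARED_HOSTING_SUFFIXES = ("vercel.app",)
LURE_KEYWORDS = ("account", "setting", "fbads", "login", "verify")

def unwrap_redirect(url):
    """Return the destination carried in a Facebook l.php link, else the URL itself."""
    parts = urlsplit(url)
    if parts.hostname == "l.facebook.com" and parts.path == "/l.php":
        # parse_qs percent-decodes the value, so no separate unquote step is needed
        target = parse_qs(parts.query).get("u", [""])[0]
        if target:
            return target
    return url

def triage(url):
    """Describe the final destination using only the URL string (no network access)."""
    dest = urlsplit(unwrap_redirect(url))
    host = (dest.hostname or "").lower()
    suffix = next((s for s in SHARED_HOSTING_SUFFIXES if host.endswith("." + s)), None)
    label = host[: -len(suffix) - 1] if suffix else host
    # fbclid is a click-tracking parameter; it says nothing about the site itself
    query = {k: v for k, v in parse_qs(dest.query).items() if k != "fbclid"}
    return {
        "host": host,
        "path": dest.path,
        "platform": suffix,
        "subdomain": label if suffix else None,
        "lure_keywords": [k for k in LURE_KEYWORDS if k in label],
        "long_digit_run": any(len(run) >= 8 for run in re.findall(r"\d+", label)),
        "query_without_tracking": query,
    }

# Constructed sample: same shape as the link on this page, with the fbclid and
# h values replaced by placeholders.
SAMPLE = ("https://l.facebook.com/l.php?u=https%3A%2F%2Faccount-settingfbads10110299482"
          ".vercel.app%2F10235548987%3Ffbclid%3DPLACEHOLDER&h=PLACEHOLDER")

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
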

Initial Reconnaissance

urlscan.io: A tool that analyzes URLs for security threats and provides detailed reports. Use it to get a screenshot of the page.

Gather initial information about the domain and IP.

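  • Check the Domain: Use whois to gather information about the domain. WHOIS records exist only for the registered domain (vercel.app), so they describe the hosting platform rather than whoever created the subdomain.

whois account-settingfbads10110299482.vercel.app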

  • Nslookup is a command-line tool used to query DNS records:

nslookup account-settingfbads10110299482.vercel.app

  • Dig is a command-line utility for querying DNS information:

dig account-settingfbads10110299482.vercel.app

  • DNS Enumeration: Use dnsrecon or dnsenum to find subdomains.

dnsrecon -d account-settingfbads10110299482.vercel.app

  • Network Scanning
  • Port Scanning: Use nmap to scan open ports.

nmap -sV -sC account-settingfbads10110299482.vercel.app

  • Web Application Testing
  • Directory Brute-Forcing: Use dirb or gobuster to find hidden directories.

gobuster dir -u https://account-settingfbads10110299482.vercel.app -w /usr/share/wordlists/dirb/common.txt

  • Web Server Scanning: Use nikto to scan for vulnerabilities.

nikto -h https://account-settingfbads10110299482.vercel.app

nikto -h https://account-settingfbads10110299482.vercel.app/10235548987

  • SQL Injection Testing
  • SQL Injection: Use sqlmap to test for SQL injection vulnerabilities.

sqlmap -u "https://account-settingfbads10110299482.vercel.app/10235548987?fbclid=IwZXh0bgNhZW0CMTAAAR0iEz1xJFrgx_7Xr7FnxzX6bTCHK_7unz_ff3oPIlNFOYFzCIPlTa-Fj5k_aem_Dnq031iMEA8w-a-7_NU28Q" --batch

sqlmap -u "https://account-settingfbads10110299482.vercel.app/10235548987" --risk=3 --level=5

  • Perform Network Analysis
  • Use curl to Fetch Headers

curl -I https://account-settingfbads10110299482.vercel.app/10235548987

  • Use wget to Download the Page

wget https://account-settingfbads10110299482.vercel.app/10235548987

  • Use XSStrike for XSS Testing
  • Test for Cross-Site Scripting (XSS) vulnerabilities:

xsstrike -u "https://account-settingfbads10110299482.vercel.app/10235548987"

  • Crawl the Website:
  • Use XSStrike’s crawling feature to discover parameters:

xsstrike -u "https://account-settingfbads10110299482.vercel.app/10235548987" --crawl
