network hack L2 recon and footprinting

Cards (20)

  • Reconnaissance and Footprinting
    • First phase in penetration testing
    • Know your target
    • Information such as network topology, operating systems, applications, user accounts, etc.
    • Without tipping off the target
  • Open Source Intelligence (OSINT)

    Process of collection and analysis of data gathered from open sources to produce actionable intelligence
  • OSINT sources
    • Media: newspapers, magazines, etc.
    • Internet: domain registrars
    • Public government data
  • Whois query
    Provides administrative contact, email address, etc.
  • Internet – People (Social Engineering)
    • theHarvester
    • Facebook
    • LinkedIn
    • Twitter
    • Posted Jobs
  • Domain Name System (DNS)
    • An IP address is required when interacting with the target
    • Name resolution is the process by which the target URL's hostname gets resolved into an IP address
  • Name resolution process

    1. The DNS resolution request for the URL's hostname goes to the name resolver (caching DNS)
    2. If the record is not found in the cache, a recursive name query starts
    3. The query continues until the name is resolved or a non-existent domain (NXDOMAIN) response is returned
  • Iterative DNS queries
    Between the local DNS server and other DNS servers
  • Recursive DNS queries
    Between the client and the local DNS server
  • DNS Lookup tools
    • nslookup on Windows
    • dig
  • Dig for Mail Server record
    • dig [server] [name] MX
  • Passive reconnaissance
    Gathering information without actively engaging with the target systems
  • Active reconnaissance
    Intruder engages with the targeted system to gather information about vulnerabilities
  • Active reconnaissance tools
    • Network scanner – e.g. nmap
    • Vulnerability scanner – e.g. OpenVAS
    • Metasploit
  • Website Intelligence
    Gathering intelligence about the target's web presence using web tools
  • Website Intelligence tools
    • Netcraft
    • httrack website copier
    • Google hacking using dorks
    • theHarvester
    • Shodan
    • It is illegal to use Google dorks to access or download illegal or protected information
  • Footprinting and reconnaissance are important activities in ethical hacking
    • Collect a lot of data for later use
    • Raise as few alerts as possible
    • Differentiate between active and passive reconnaissance
  • Learnt about reconnaissance tools such as Google dorks, DNS, nslookup, theHarvester, Shodan, etc.