4.1 - Reconnaissance Overview


Key Terms: 

    • Reconnaissance – The systematic attempt to locate, gather, record and identify information about a target before attacking it. 
    • Passive information gathering – Gathering information about a target indirectly, from public sources, without sending any traffic to the target's own systems. 
    • Active information gathering – Gathering information by interacting directly with the target's systems (for example, port scanning). This is far noisier and much more likely to be logged and detected. 

 

Internet Research 

Sometimes, valuable information is not hidden at all. A great deal can be found on the open internet: company websites, social media, discussion groups, financial reports and news articles. 

 

Social Engineering 

Various social engineering techniques can be used to extract information about the target from its people. Humans are often the weakest part of a system, so targeting employees (by phone, email or in person) can be a very effective way of obtaining information. Depending on the technique used, the approach can easily be overlooked, leaving the attacker undetected. 

 

Information Gathering 

Attackers are looking for: 

    • Contact names 
    • Phone numbers 
    • Email addresses 
    • Security information 
    • Technical infrastructure 

 

Footprinting 

Footprinting is the process of collecting the pieces of information an organisation exposes publicly, often without realising it (in web pages, job adverts, document metadata and email headers), and recording them for later use. From DNS alone an attacker can sketch a map of the target's network without ever connecting to it: A records map hostnames to IP addresses, MX records identify the mail servers and NS records identify the name servers, and hosts whose addresses fall in the same block are probably on the same network. 
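The map-from-DNS idea above can be shown in code. The following Python is an added example, not code from the original page: it takes a set of DNS records (here a constructed set for the hypothetical domain example.com, of the kind nslookup or dig would return), follows CNAMEs to IP addresses, labels mail and name servers from the MX and NS records, guesses further roles from hostnames, and groups the hosts into /24 blocks. The record data, hostnames and addresses are all made up.

```python
"""Build a rough network map from public DNS records alone.

Added example for the footprinting section; it is not code from the original
page. SAMPLE_RECORDS is constructed data for a hypothetical example.com and
describes no real network; in practice the tuples would come from nslookup
or dig queries (A, MX, NS, CNAME) against the target's public name servers.
"""
import ipaddress
from collections import defaultdict

# (owner name, record type, record data) as a resolver would return them.
SAMPLE_RECORDS = [
    ("example.com.",              "A",     "203.0.113.10"),
    ("www.example.com.",          "A",     "203.0.113.10"),
    ("example.com.",              "MX",    "10 mail.example.com."),
    ("mail.example.com.",         "A",     "203.0.113.25"),
    ("example.com.",              "NS",    "ns1.example.com."),
    ("example.com.",              "NS",    "ns2.hosting-provider.net."),
    ("ns1.example.com.",          "A",     "203.0.113.2"),
    ("ns2.hosting-provider.net.", "A",     "198.51.100.53"),
    ("vpn.example.com.",          "A",     "203.0.113.40"),
    ("blog.example.com.",         "CNAME", "www.example.com."),
]

# Roles implied by the record type that points at a host (reliable) ...
ROLE_BY_TYPE = {"MX": "mail", "NS": "dns"}
# ... and roles guessed from the host label (a heuristic, worth confirming).
NAME_HINTS = {"www": "web", "mail": "mail", "smtp": "mail", "vpn": "vpn", "ns": "dns"}


def _norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.rstrip(".").lower()


def resolve(records, name, depth=0):
    """Follow CNAMEs to the A records for `name`; returns a set of IPs."""
    if depth > 8:          # stop on CNAME loops
        return set()
    name = _norm(name)
    ips = set()
    for owner, rtype, data in records:
        if _norm(owner) != name:
            continue
        if rtype == "A":
            ips.add(data)
        elif rtype == "CNAME":
            ips |= resolve(records, data, depth + 1)
    return ips


def footprint(records):
    """Return (hosts, netblocks).

    hosts:     {hostname: {"ips": [...], "roles": [...]}}
    netblocks: {"x.y.z.0/24": [hostnames]}  -- hosts sharing a /24 are
               probably on the same network; a host in another block or
               another domain (ns2 below) is probably a third-party provider.
    """
    hosts = defaultdict(lambda: {"ips": set(), "roles": set()})
    for owner, rtype, data in records:
        if rtype in ROLE_BY_TYPE:
            target = _norm(data.split()[-1])    # MX data is "<pref> <host>"
            hosts[target]["roles"].add(ROLE_BY_TYPE[rtype])
        elif rtype in ("A", "CNAME"):
            _ = hosts[_norm(owner)]             # make sure the host is listed
    for host, info in hosts.items():
        info["ips"] |= resolve(records, host)
        label = host.split(".")[0]
        for prefix, role in NAME_HINTS.items():
            if label.startswith(prefix):
                info["roles"].add(role)
    netblocks = defaultdict(set)
    for host, info in hosts.items():
        for ip in info["ips"]:
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            netblocks[str(net)].add(host)
    hosts_out = {h: {"ips": sorted(v["ips"]), "roles": sorted(v["roles"])}
                 for h, v in sorted(hosts.items())}
    blocks_out = {n: sorted(h) for n, h in sorted(netblocks.items())}
    return hosts_out, blocks_out


if __name__ == "__main__":
    hosts, blocks = footprint(SAMPLE_RECORDS)
    for host, info in hosts.items():
        print(f"{host:28} {', '.join(info['ips']):16} {'/'.join(info['roles'])}")
    for net, names in blocks.items():
        print(f"{net}: {len(names)} host(s)")
```

The point of the grouping step is that it needs no packets to the target: every fact comes from the target's own public name servers, which is why DNS footprinting counts as passive reconnaissance.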

 

Tools 

Here is a list of useful tools that a hacker may use. Some of them send traffic to the target directly, so use them only against systems you are authorised to test, or in an educational lab. 

    • Google Earth – A satellite imagery website useful for physical reconnaissance. 
    • Google Maps – A web mapping service that can provide a view of housing and other infrastructure around the target. 
    • Webcams – Online streaming cameras that provide free-to-view video of an area. 
    • Echosec – A tool that pulls geotagged social media posts: select an area on a map and view the posts made from that location. 
    • Maltego – A link-analysis OSINT tool (commercial, with a free community edition) that pulls data from many sources, including social media, and graphs the relationships between companies, people, domains, email addresses and other entities. 
    • Wayback Machine – An archive of old site snapshots. It can sometimes contain information that the target thought they had completely removed from the internet. 
    • Whois – A utility that queries the domain and IP registration databases. It can return the registrant organisation and contacts, the registrar, the name servers, registration and expiry dates, and the address range an IP belongs to. whois is installed by default on KALI with the syntax (whois domain_name). 
    • Nslookup – A utility used to query DNS servers for a host's records (A, MX, NS and others) and host names. 
    • ARIN – The American Registry for Internet Numbers. Its public whois lookup shows who an IP address range is allocated to: organisation name, network range and registration dates. Other regions have their own registries (RIPE NCC, APNIC, LACNIC, AFRINIC). 

 

Google Dorking 

A set of useful search operators typed into Google: 

    • info:website – Provided information about a website (Google has since retired this operator). 
    • link:website – Listed web pages that link to the given website (Google has since retired this operator). 
    • related:website – Displays websites similar to the one listed. 
    • intitle:"index of" keyword – Finds pages where directory browsing has been enabled (an Apache- or nginx-style listing is titled "Index of /path"). 
    • intitle:keyword – Shows pages that contain the keyword in the title. 
    • allinurl:keywords – Shows pages whose URL contains all of the listed keywords. 
    • site:domain filetype:extension – Shows files of a given type hosted under a domain, e.g. site:example.com filetype:pdf. Useful extensions: docx (Word document), xlsx (Excel document), mdb (Access database), pptx (PowerPoint), pdf (PDF document). 

The Google Hacking Database catalogues thousands of such search queries: https://www.exploit-db.com/google-hacking-database 

 

TheHarvester 

theHarvester is a preinstalled KALI package that gathers email addresses, host names and subdomains for a domain from public sources such as search engines and certificate transparency logs. 

Here are some useful commands: 

    • theHarvester -h (help page) 
    • theHarvester -d domain -l limit -b source (gather results for a domain from one data source, e.g. -b crtsh or -b bing, capping the number of results at limit) 

Nmap and other network utilities 

Nmap is a preinstalled KALI package for discovering hosts and the ports and services they expose. Unlike the tools above, the commands below send traffic to the target, so they count as active reconnaissance. Here are some useful commands: 

    • ping host (check whether a host answers ICMP echo requests; many hosts block them) 
    • traceroute host (list the routers on the path to the host) 
    • nslookup hostname (resolve a host name to its IP address, or query other record types) 
    • whois domain (look up the registration details of a domain or IP address) 
    • nc -v host port (open a TCP connection to a port to confirm it is open and read its banner) 
    • nmap -sS host (TCP SYN scan of the host's common ports; needs root) 
    • nmap -sn ip_range (ping sweep: host discovery only, no port scan) 
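The scan output is only useful once it is turned into an inventory of hosts and services. The following Python is an added example, not code from the original page: it parses nmap's greppable output format (produced by the real nmap option -oG) into a per-host list of open ports and inverts it into a service-to-hosts matrix. SAMPLE_OUTPUT is constructed to mimic what nmap -sS -sV -oG - prints against a small range; the hosts, ports and version banners are made up.

```python
"""Parse nmap greppable output (-oG) into a host and service inventory.

Added example for the network-utilities section; not code from the original
page. SAMPLE_OUTPUT is constructed to look like `nmap -sS -sV -oG - <range>`
output; none of the hosts, ports or banners are real.
"""
import re
from collections import defaultdict

SAMPLE_OUTPUT = """\
# Nmap 7.94 scan initiated as: nmap -sS -sV -oG - 203.0.113.0/28
Host: 203.0.113.10 (www.example.com)\tStatus: Up
Host: 203.0.113.10 (www.example.com)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 443/open/tcp//https//nginx 1.18/, 25/filtered/tcp//smtp///\tIgnored State: closed (996)
Host: 203.0.113.25 (mail.example.com)\tStatus: Up
Host: 203.0.113.25 (mail.example.com)\tPorts: 25/open/tcp//smtp//Postfix smtpd/, 587/open/tcp//submission//Postfix smtpd/\tIgnored State: filtered (998)
Host: 203.0.113.40 (vpn.example.com)\tStatus: Up
Host: 203.0.113.40 (vpn.example.com)\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)
Host: 203.0.113.12 ()\tStatus: Up
# Nmap done at Mon Jan  1 12:00:00 2024 -- 16 IP addresses (4 hosts up) scanned in 12.34 seconds
"""

# "Host: <ip> (<hostname>)<TAB><field>: <value>[<TAB><field>: <value>...]"
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_greppable(text):
    """Return {ip: {"hostname": str, "up": bool,
                    "open": [(port, proto, service, version), ...]}}.

    A plain ping sweep (-sn -oG) only produces Status lines, so every host
    gets an entry even when no Ports field follows.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                      # '#' header/footer lines and blanks
            continue
        ip, hostname, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "up": False, "open": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["up"] = (value == "Up")
            elif key == "Ports":
                for spec in value.split(", "):
                    # port/state/protocol/owner/service/rpc info/version/
                    parts = spec.split("/")
                    if len(parts) < 7:
                        continue
                    port, state, proto, _owner, service, _rpc, version = parts[:7]
                    if state == "open":
                        entry["open"].append((int(port), proto, service, version))
    return hosts


def service_matrix(hosts):
    """Invert the inventory: {service: [ips]} shows which hosts expose what."""
    matrix = defaultdict(set)
    for ip, entry in hosts.items():
        for _port, _proto, service, _version in entry["open"]:
            matrix[service].add(ip)
    return {svc: sorted(ips) for svc, ips in sorted(matrix.items())}


def quiet_hosts(hosts):
    """Hosts that answered host discovery but showed no open port: worth a
    fuller scan (-p-, UDP) rather than being written off."""
    return sorted(ip for ip, e in hosts.items() if e["up"] and not e["open"])


if __name__ == "__main__":
    inventory = parse_greppable(SAMPLE_OUTPUT)
    for ip, entry in sorted(inventory.items()):
        ports = ", ".join(f"{p}/{pr} {s} {v}".strip() for p, pr, s, v in entry["open"])
        print(f"{ip:16} {entry['hostname']:20} {ports or '(no open ports)'}")
    for service, ips in service_matrix(inventory).items():
        print(f"{service:12} {', '.join(ips)}")
    print("quiet hosts:", quiet_hosts(inventory))
```

Filtered ports are deliberately dropped: an "open" state is the only one that confirms a listening service, while "filtered" just means a packet filter is in the way. Nmap's own -oX (XML) output is the better choice for anything more than quick one-off scripting, but the greppable form is what awk and grep pipelines on Kali usually consume.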
