4.1 Reconnaissance Overview


We can use _________ to do a scan to see what ports are open.

Nmap. To do a port scan, type 'nmap -sS scanme.nmap.org' (-sS scans the 1,000 most common ports).

theHarvester is a tool used during reconnaissance and is preinstalled on Kali Linux.

true

What are some common approaches to reconnaissance?

- Internet research: going through company websites, social media, discussion groups, financial reports, and news articles
- Social engineering: going undercover, so to speak, in an attempt to get to know the employees or the vendors of the company
- Dumpster diving
- Social networking: you can extend your search to LinkedIn, Facebook, Instagram, Twitter, or People Search to learn even more information about a company, a vendor, or an employee

What are a few TOOLS you can use for reconnaissance?

- Google for basic search (Google hacking)
- Google Earth
- Google Maps
- Webcams
- Echosec
- Maltego
- Wayback Machine

What are some advanced searches with Google?

- info:website - provides all information about a website.
- link:website - lists web pages that contain links to the website.
- related:website - displays websites similar to the one listed.
- index of / keyword - displays websites where directory browsing has been enabled.
- intitle:keyword - shows results in pages that contain the keyword in the title.
- allinurl:keywords - shows results in pages that contain all of the listed keywords.

What's the difference between an ethical hacker and a criminal hacker?

An ethical hacker needs to obtain written documentation granting permission from the customer. They should verify that the agreement specifies the scope of the assessment and any guidelines or limitations that may be in place.

What does footprinting mean in ethical hacking?

Footprinting refers to information that's accidentally shared publicly or that's outdated and hasn't been properly disposed of.

What exactly are we looking for during reconnaissance?

Info like:
- contact names
- phone numbers
- email addresses
- general info on security systems
- technical infrastructure

Active information gathering

is a method of directly collecting details about a target. It involves direct engagement with the target, so the chance of detection is higher.

What is Echosec?

is a tool that can be used to pull information from social media postings that were made using location services. You can select a location on a map and view all posts that have occurred at that location. These results can be filtered by user, date, or keyword.

What is ARIN?

is a website that will provide you with information about a network's name, range, origination dates, and server details.

_____ is being used to make a connection to the site (nmap) on port 80 by typing "nc -v scanme.nmap.org 80".

netcat

You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep?
- nmap -sM 172.125.68.1-255
- nmap -sU 172.125.68.1-255
- nmap -sS 172.125.68.1-255
- nmap -sn 172.125.68.1-255

nmap -sn 172.125.68.1-255
The nmap -sn option disables port scanning. The command nmap -sn 172.125.8.1-225 will scan a range of IP addresses without listing the ports. The nmap -sS command is used for a TCP SYN port scan (default). The nmap -sU command is used for UDP port scans. The nmap -sM command is used for TCP Maimon port scans.

To make sure that the site is live, you type ______ on the command line.

ping; hit Ctrl+C to stop the ping.

Is it possible to create a network map without even stepping foot into the building?

Yes, depending on the level of security within an organization.

A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?
- Intellectual property, critical business functions, and management hierarchy
- Geographical information, entry control systems, employee routines, and vendor traffic
- Contact names, phone numbers, email addresses, fax numbers, and addresses
- Operating systems, applications, security policies, and network mapping

Contact names, phone numbers, email addresses, fax numbers, and addresses

theHarvester can search both Twitter and LinkedIn.

true (4.1.5)

To find the path to our target, use ______.

traceroute on a Linux system; tracert on a Windows system.

What is the utility Nslookup used for?

It is used to query DNS servers to obtain information about the host network, including DNS records and host names.

Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?
- Whois
- beSTORM
- Nslookup
- ARIN

whois

You can see all the information about the website you're looking for (ex: NMAP.ORG) that's available from _______.

whois

What are webcams?

Webcams are online streaming digital cameras that can provide video of places, people, and activity in an area.

Now, I want to do a ping sweep to see what other IPs might be associated with scanme.nmap.org. To do a ping sweep, I'll type in "__________ -sn 45.33.32.1-255" and press Enter. Now I can go through this list and see which other IPs might be associated with scanme.nmap.org.

nmap

Passive information gathering

is a method of indirectly collecting details about a target. It does not involve direct engagement with the target, so the chance of detection is very low.

The Wayback Machine ?

is a nonprofit catalog of old site snapshots. It may contain information that your target thought they had removed from the internet.

Reconnaissance

is a systematic attempt to locate, gather, identify, and record information about a target. To start, you can go on the internet to research.

You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use?
- nmap -sV xyzcompany.com
- nmap -sA xyzcompany.com
- nmap -sT xyzcompany.com
- nmap -sS xyzcompany.com

nmap -sS xyzcompany.com
-sS: TCP SYN port scan (default); scans the 1,000 most common ports. -sV: attempts to determine the version of the service running on a port. -sT: TCP connect port scan (default without root privilege). -sA: executes a TCP ACK port scan.

What are 3 network footprinting tools?

- Whois
- Nslookup
- ARIN

True or False: An IP address could direct you to a network access point such as an email server or a web server.

True

What is SHODAN?

A search engine for the Internet of Things.

What is Google hacking?

By adding a few operators to your Google search, you can find some very specific info.
- It is legal; the target may think the info is tucked away, but it is found on a public website.
- You can use the Google search engine to provide filtered information about a specific topic, e.g. operator/syntax info:website - description: provides all info about a website; intitle:keyword - shows results in pages that contain the keyword in the title.

To find the name server information, use _____ on the command line.

nslookup. You get the IP addresses for both IP version 4 and version 6 along with the server names.

Which of the following is the difference between an ethical hacker and a criminal hacker?
- A criminal hacker is easily detected, but an ethical hacker isn't.
- An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.
- An ethical hacker is nice, clean, and polite, but a criminal hacker isn't.
- A criminal hacker is all-knowing, but an ethical hacker isn't.

An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.

Whois, Nslookup, and ARIN are all examples of:
- IoT hacking tools
- Google hacking tools
- Network footprinting tools
- Internet research tools

Network footprinting tools

When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?
- Covering tracks
- Scanning
- Reconnaissance
- Gaining access

Reconnaissance

What does the Google Search operator allinurl:keywords do?
- Displays websites similar to the one listed.
- Shows results in pages that contain all of the listed keywords.
- Displays websites where directory browsing has been enabled.
- Shows results in pages that contain the keyword in the title.

Shows results in pages that contain all of the listed keywords.

MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?
- Dumpster diving
- Web surfing
- Social engineering
- Social networking

Social engineering

What can website and email footprinting provide?

Website and email footprinting can provide details on information flow, operating systems, filenames, and network connections.

What's the difference between Google Earth and Google Maps?

Google Earth is a satellite imagery tool that provides current and historical images of most locations. Images can date back over several decades. Google Maps is a web mapping service that provides a street view of houses, businesses, roadways, and topologies.

Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?
- Permission and documentation
- Maintaining access
- Information gathering techniques
- Information types

Information gathering techniques

"whois" is a utility used to gain info about a target's network. What kind of info does it gather?

It can gather information about:
- ownership
- IP addresses
- domain name, location, server type
- the date the site was created
The syntax is whois domain_name.

What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?
- Wayback Machine
- Maltego
- Echosec
- Google Earth

Maltego

What is Maltego?

Maltego is an open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information.

Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool?
- Google Maps
- Echosec
- Maltego
- Wayback Machine

Echosec. It is a tool that can be used to pull information from social media postings that were made using location services.
