10 Days Of Cybersecurity-5

Day 5: Reconnaissance Techniques

6/20/2024 · 2 min read

Welcome to Day 5 of our 10-day cybersecurity challenge! Today, we'll explore reconnaissance techniques, a crucial step in ethical hacking. We'll cover passive and active reconnaissance and demonstrate how to use Nmap for information gathering.

Introduction to Reconnaissance

Reconnaissance, or recon, is the process of gathering information about a target. It's the first step in hacking, where you collect as much data as possible to identify potential vulnerabilities.

Types of Reconnaissance

There are two main types of reconnaissance: passive and active.

  • Passive Reconnaissance:

    • Gathering information without directly interacting with the target.

    • Examples: WHOIS lookups, Google Dorking, and social media research.

  • Active Reconnaissance:

    • Interacting directly with the target to gather information.

    • Examples: Nmap scanning, pinging, and banner grabbing.

Tools for Information Gathering

Here are some essential tools for information gathering:

Passive Reconnaissance Tools

  • WHOIS:

    • Command: whois example.com

    • Description: Retrieves domain registration information.

  • Google Dorking:

    • Example Query: site:example.com filetype:pdf

    • Description: Uses advanced search operators to find specific information.

Active Reconnaissance Tools

  • Nmap:

    • Command: nmap -sS example.com

    • Description: Scans for open ports and services.

  • ping:

    • Command: ping example.com

    • Description: Checks if a host is reachable and measures response time.

  • Banner Grabbing:

    • Command: telnet example.com 80

    • Description: Retrieves information about the service running on a port.
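The banner-grabbing step from the list above, done in Python as an added example that is not part of the original post: it opens a TCP connection, sends the same minimal HEAD request you would type into telnet, and reads back the response headers. To keep it runnable offline it starts a throwaway HTTP server on 127.0.0.1 and grabs that server's banner; the local server, the port choice and the version-disclosure heuristic are assumptions of this example. The last function is the defender's use of the same technique: checking whether one of your own services advertises its product version in the Server: header.

```python
import socket
import threading
from http.server import HTTPServer, SimpleHTTPRequestHandler


def start_local_server():
    """Constructed stand-in for a remote host: a disposable HTTP server on
    127.0.0.1 (port 0 lets the OS pick a free port) so the example runs offline."""
    class QuietHandler(SimpleHTTPRequestHandler):
        def log_message(self, *args):  # silence per-request logging
            pass

    server = HTTPServer(("127.0.0.1", 0), QuietHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def grab_http_banner(host, port, timeout=3.0):
    """Connect, send a minimal HEAD request (what you would type after
    'telnet host 80') and return the raw response headers as text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        received = b""
        while b"\r\n\r\n" not in received:
            data = sock.recv(4096)
            if not data:          # server closed the connection
                break
            received += data
    return received.decode(errors="replace")


def server_header(banner):
    """Pull the value of the Server: header out of a raw HTTP response, or None."""
    for line in banner.split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def discloses_version(server_value):
    """Defender's check: does the banner reveal a product version?
    Heuristic (an assumption of this example): any token shaped like
    'product/<digit>...' such as 'Apache/2.4.57' counts as disclosure."""
    if not server_value:
        return False
    for token in server_value.split():
        if "/" in token and token.split("/", 1)[1][:1].isdigit():
            return True
    return False


if __name__ == "__main__":
    srv = start_local_server()
    banner = grab_http_banner("127.0.0.1", srv.server_address[1])
    srv.shutdown()
    print(banner)
    print("Server header:", server_header(banner))
    print("Discloses version:", discloses_version(server_header(banner)))
```

Python's built-in test server answers with a header like `Server: SimpleHTTP/0.6 Python/3.x`, which the check flags as version disclosure; a hardened production server would return a generic value or no Server: header at all.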

Practical Demonstration: Using Nmap

Let's do a practical demonstration using Nmap to scan a target.

Example Target: Use a safe and legal target like the website scanme.nmap.org, which is provided by the creators of Nmap for testing purposes.

  1. Run a Basic Scan:

    • Command: nmap -sS scanme.nmap.org

    • Description: This performs a SYN scan to identify open ports on the target. A SYN scan needs raw-socket privileges, so run it as root (or with sudo); for an unprivileged user Nmap's default is a full TCP connect scan (-sT) instead.

  2. Analyze the Results:

    • Example Output:

      Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-01 10:00 PDT
      Nmap scan report for scanme.nmap.org (45.33.32.156)
      Host is up (0.030s latency).
      Not shown: 996 closed ports
      PORT     STATE SERVICE
      22/tcp   open  ssh
      80/tcp   open  http
      443/tcp  open  https
      9929/tcp open  nping-echo

    • Explanation: The output shows that ports 22, 80, 443, and 9929 are open on the target. The SERVICE column is Nmap's guess from its well-known-port table, not a confirmed identification; version detection (-sV) is what actually probes the service.

As you can see, Nmap has identified several open ports on our target. This information can help us understand the services running on the target and potentially find vulnerabilities.
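Reading a scan report by eye works for four ports; for a fleet you want to parse it. As an added example (not code from the original post), the following Python parses the normal Nmap output format shown above (the same format `-oN` writes to a file), extracts the host, its address and the per-port rows, and then answers the question a defender asks of a scan of their own systems: which open ports are not in the documented baseline? The embedded sample report is constructed from the output above, and the baseline of allowed ports is a hypothetical one chosen for illustration.

```python
import re

# Constructed sample in Nmap's normal output format, copied from the report above.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-01 10:00 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.030s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
9929/tcp open  nping-echo
"""

# "Nmap scan report for <name> (<ip>)"; the parenthesised IP is absent when
# Nmap was given a bare address, so that group is optional.
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")
# "<port>/<proto>  <state>  <service>" rows of the port table.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap_output(text):
    """Return {'host': name, 'ip': address or None,
               'ports': [(port, proto, state, service), ...]}."""
    report = {"host": None, "ip": None, "ports": []}
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            report["host"], report["ip"] = m.group(1), m.group(2)
            continue
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            report["ports"].append((int(port), proto, state, service))
    return report


def open_ports(report):
    """Sorted list of port numbers Nmap reported as open."""
    return sorted(p for p, _, state, _ in report["ports"] if state == "open")


def unexpected_exposure(report, allowed):
    """Defender's view: open ports that are not in the approved baseline."""
    return sorted(set(open_ports(report)) - set(allowed))


if __name__ == "__main__":
    report = parse_nmap_output(SAMPLE_NMAP_OUTPUT)
    print(report["host"], report["ip"], "open:", open_ports(report))
    # Hypothetical baseline: only SSH and HTTPS are supposed to be reachable.
    print("Unexpected exposure:", unexpected_exposure(report, allowed={22, 443}))
```

Run the same parser over a saved scan of your own hosts and the unexpected-exposure list becomes a simple change detector: anything it prints is either undocumented or newly exposed and deserves a look.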

Conclusion:

We've covered the basics of reconnaissance techniques and demonstrated how to use Nmap for active reconnaissance. Practice these techniques to gather valuable information about your targets. Tomorrow, we'll dive into scanning and enumeration. Stay safe and happy hacking.