RECONNAISSANCE – (TUTORIAL)
Reconnaissance is the first step of hacking. In this process the main purpose is to gather information about the target through passive methods.
Information like which company it is, what technologies it uses, who owns the company, e-mail addresses, etc.
Ethical hacking phases
Footprinting & Reconnaissance – this is the first and most important phase of hacking; in this process we gather information about the target before exploiting it.
Network hacking – in this process we gain access to, or enter, the target's network (the hacking is performed inside the target network).
Scanning – in this process we scan the target network to gain information about the target. For example – how many hosts are connected to the target network, what technologies they use, OS, open ports, vulnerabilities affecting that target, etc.
Gaining access – in this process we compromise the target system, gaining access through a vulnerability affecting that target.
Maintaining access – in this process the main goal is to maintain the connection with the target.
For example – backdoors
Clearing tracks – the last phase of hacking, where we clear all the logs generated by the hacker during the previous phases.
Active Footprinting – in active footprinting we make a direct connection with the target through tools.
Passive Footprinting – in passive footprinting we don't make a direct connection with the target. For example – social media.
In passive footprinting we use social media to gather information about the target. Some websites that are helpful for gathering information about the target are –
https://pipl.com/ – for information about a person.
https://www.zabasearch.com/ – gathers information about the target; specify the name of the target.
For tracking purposes
In this process we send a mail to the target victim to gather information such as IP address, location, browser, etc.
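The mail trick above only works because the message carries a remote image whose URL is unique to the recipient; the first fetch of that image hands the sender an IP address, a User-Agent string and an open time. The scanner below is an added example written for this page (it is not a tool from the tutorial): it flags the patterns a mail gateway or analyst looks for when deciding to quarantine such a message or render it with remote images blocked. The sample message and the hostnames in it are constructed placeholders.

```python
"""Flag e-mail tracking images (added example; not part of the tutorial).

A tracking mail embeds a remote image whose URL is unique to the recipient.
When the mail client fetches it, the sender's server logs the recipient's IP
address (hence rough location), User-Agent (mail client/browser) and the time
of opening. This scanner flags the patterns a defender looks for so such mail
can be quarantined or shown with remote images blocked. The sample message
below is constructed for the demo; its hostnames are placeholders.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): v for k, v in attrs})


def _is_tiny_or_hidden(attrs):
    """1x1 (or at most 2px) images and CSS-hidden images are classic beacons."""
    def px(value):
        m = re.match(r"\s*(\d+)", value or "")
        return int(m.group(1)) if m else None

    w, h = px(attrs.get("width")), px(attrs.get("height"))
    style = (attrs.get("style") or "").replace(" ", "").lower()
    hidden = "display:none" in style or "visibility:hidden" in style
    return hidden or (w is not None and w <= 2) or (h is not None and h <= 2)


def find_tracking_images(html):
    """Return [(src, [reasons])] for <img> tags that look like trackers."""
    collector = _ImgCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.images:
        src = attrs.get("src") or ""
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images are inline and cannot phone home
        reasons = []
        if _is_tiny_or_hidden(attrs):
            reasons.append("tiny or hidden image")
        # A long opaque token in the query string usually identifies the recipient.
        if any(len(v[0]) >= 16 for v in parse_qs(url.query).values() if v):
            reasons.append("recipient-specific token in URL")
        if re.search(r"/(open|track|pixel|beacon)[./?]", url.path + "?", re.I):
            reasons.append("tracking-style path")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: a normal logo, a hidden 1x1 beacon and an inline image.
SAMPLE_MAIL = """<html><body>
<p>Hello, please find the quarterly report attached.</p>
<img src="https://cdn.example.com/img/logo.png" width="200" height="60">
<img src="https://mail-metrics.example.net/open.gif?u=7f3a9c2e1b4d8e6f0a1b2c3d"
     width="1" height="1" style="display: none">
<img src="cid:inline-image-001" alt="signature">
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_tracking_images(SAMPLE_MAIL):
        print(src, "->", ", ".join(reasons))
```

Each heuristic on its own produces false positives (a legitimate newsletter logo can sit behind a CDN token), so the findings are reported with their reasons rather than as a single verdict; the simplest mitigation, regardless of the verdict, is a mail client that does not load remote images by default.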
Gathering information about the target website – the Internet Archive is a website where you can see what your target website looked like in its very first version.
A Google dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.
For example – "@microsoft.com" – the quotation marks restrict the search to that exact string, here the e-mail addresses of the target.
"Bill Gates" – specifies only the target we are looking for.
"Bill Gates" filetype:xlsx – filetype: specifies which file format we are searching for among the target information stored in Google's index.
rdp ext:rdp – gathers links to RDP (Remote Desktop Protocol) files used to connect to a server.
inurl:login.php – gathers the login pages of websites.
site:"microsoft.com" filetype:xlsx – site: restricts the results to a specific site from which to gather information.
site:"microsoft.com" -site:"www.microsoft.com" – -site: excludes a site, so this gathers information about the other Microsoft web servers.
intitle:"VNC viewer for java" – you can search for a specific target through a word in the page title with intitle:
inurl:"/control/Userimage.html" – through inurl: you specify the things you are looking for in the URL.
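The operator syntax above (quoted phrases, site:, filetype:/ext:, inurl:, intitle:, and a leading - for exclusion) is simple enough to parse, and a security team that runs these queries against its own domains to find indexed spreadsheets, login pages or RDP files benefits from doing so: a parsed query can be logged, reviewed and checked for scope before anything is sent to a search engine. The parser and scoping check below are an added example written for this page, not a tool from the tutorial; the operator names are the ones shown above, and the sample queries and domains are constructed. It also normalizes the curly quotes that appear in the examples above.

```python
"""Parse search-operator ("dork") queries and check their scope
(added example; not part of the tutorial).

Operator names follow the ones used in the tutorial. The scoping check lets
a self-audit script refuse any query that is not restricted to the
organization's own domains. Sample queries and domains are constructed.
"""
import re
from dataclasses import dataclass, field

KNOWN_OPERATORS = {"site", "filetype", "ext", "inurl", "intitle", "intext"}

# One token: optional '-', optional 'operator:', then a "quoted" or bare value.
_TOKEN = re.compile(r'(-?)(?:([A-Za-z]+):)?(?:"([^"]*)"|(\S+))')


@dataclass
class DorkQuery:
    terms: list = field(default_factory=list)       # plain or quoted words
    operators: list = field(default_factory=list)   # (name, value, negated)


def parse_dork(query):
    """Split a query string into free-text terms and (name, value, negated) operators."""
    # Word processors and web pages often turn " into curly quotes; accept both.
    query = query.replace("\u201c", '"').replace("\u201d", '"')
    parsed = DorkQuery()
    for neg, op, quoted, bare in _TOKEN.findall(query):
        value = (quoted if quoted else bare).strip()
        if op and op.lower() in KNOWN_OPERATORS:
            parsed.operators.append((op.lower(), value, neg == "-"))
        elif op:
            # Unknown "word:" prefix; keep the whole token as a literal term.
            parsed.terms.append(f"{neg}{op}:{value}")
        else:
            parsed.terms.append(value)
    return parsed


def scoped_to(parsed, own_domains):
    """True if every positive site: operator names one of own_domains or a
    subdomain of it. Negated site: operators only narrow the scope further,
    so they are ignored; a query with no positive site: is unscoped."""
    sites = [v.lower() for name, v, neg in parsed.operators
             if name == "site" and not neg]
    own = [d.lower() for d in own_domains]
    return bool(sites) and all(
        any(s == d or s.endswith("." + d) for d in own) for s in sites)


if __name__ == "__main__":
    # Constructed self-audit queries for a hypothetical domain.
    for q in ('site:"example.com" -site:"www.example.com" filetype:xlsx',
              'intitle:"VNC viewer for java" inurl:login.php'):
        parsed = parse_dork(q)
        print(q, "->", parsed, "in scope:", scoped_to(parsed, ["example.com"]))
```

The second sample query is rejected by scoped_to because it has no site: operator at all; that is the case a self-audit script should refuse, since without the restriction the query returns results about everyone's servers, not just your own.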
Tools and Techniques
Maltego – one of the best tools for gathering information about the target.
theHarvester – this tool is used to gather information about e-mail addresses related to the target; it comes preinstalled in Kali Linux.
Exploit-DB – a website where you can find vulnerabilities affecting servers.
CVE Details – a website where you can find vulnerabilities affecting servers.
To compromise someone's PC/server we have to get their PUBLIC IP, which is provided by the ISP. Through the public IP we can attack the target PC.
"To get the public IP of the target we need to send them a mail or message to gather information regarding the target."