Reconnaissance
Lesson Requirements
- Complete Ports and Firewalls
Reconnaissance
Reconnaissance is like when a thief wants to rob a house. Before they break in, they’ll look at the house and see if there are any windows or doors that are unlocked or any alarms that might go off. They might also look for information about the people who live in the house, like what they do for work or if they have any pets.
In the same way, hackers who want to break into a computer system will also do some reconnaissance to gather information about the system they want to attack. They might look for information on the internet, like what software the system is using or what the system is connected to. They might also try to interact with the system to see how it responds.
The goal of reconnaissance is to find weaknesses or vulnerabilities in the system that the hackers can exploit later on. Just like how the thief wants to find an unlocked door or a window to break into, the hacker wants to find a weakness in the system that they can use to get in.
To prevent hackers from gathering information about a computer system, it’s important to have strong passwords and to keep software up to date. It’s also important to be careful about what information is shared online and to not click on suspicious links or download files from unknown sources. By doing these things, we can help keep our computer systems safe from hackers.
Types of Reconnaissance
- Active reconnaissance is like when a burglar is trying to figure out how to get into a house, so they start trying different doors and windows to see if any are open or unlocked. In the same way, a hacker might use active reconnaissance to interact with a computer system and try different ways to get in, like trying to guess passwords or scanning the network for vulnerabilities.
- Passive reconnaissance is like when a burglar is walking around the neighborhood and looking at houses to see which ones might be good targets for a break-in. In the same way, a hacker might use passive reconnaissance to gather information about a computer system without directly interacting with it, like searching for information online or looking at social media accounts to find out what kind of software the system is using.
- Physical reconnaissance is like when a burglar is trying to figure out how to get into a house, but they are doing it by physically being near the house and looking for ways to get in, like looking for unlocked windows or doors. In the same way, a hacker might use physical reconnaissance to gather information about a computer system by being physically present in the same location as the system, like looking for discarded documents or trying to gain access to a building.
The difference between these three types of reconnaissance is in how the hacker is gathering information about the computer system. Active reconnaissance involves directly interacting with the system, while passive reconnaissance involves gathering information without directly interacting with the system. Physical reconnaissance involves being physically present in the same location as the system to gather information. All three types of reconnaissance are used by hackers to gather information about computer systems, and it’s important to take steps to prevent hackers from being successful in their reconnaissance efforts.
Internet Archive
The Internet Archive is a digital library that allows people to access old versions of websites, archived videos, books, and other digital content. It’s like a time machine for the internet!
When using reconnaissance, the Internet Archive can be a useful tool for investigating a website’s history. For example, if you want to know what a website looked like in the past, you can search for it on the Internet Archive and see what it looked like on different dates.
Here’s how you can use the Internet Archive for reconnaissance:
- Go to the Internet Archive website (https://archive.org/) and enter the website’s URL in the search bar.
- The Internet Archive will show you a timeline of snapshots of the website on different dates. Click on a date to see what the website looked like on that day.
- You can also use the Internet Archive to access old versions of digital books, movies, and music. Simply search for the title of the content you’re interested in, and the Internet Archive will show you what versions of it they have in their archive.
It’s important to note that the Internet Archive is a public resource and should be used ethically and legally. It’s not okay to use it to access private or copyrighted material without permission. But for legitimate research purposes, the Internet Archive can be a valuable tool for investigating the history of websites and digital content.
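The snapshot timeline described above can also be read programmatically, which helps when reviewing what the archive holds about a site you maintain. The following is an added example, not part of the original lesson: it parses a constructed sample in the JSON layout returned by the Wayback Machine CDX server (header row first) and picks out the oldest capture and the points where the page content changed. The sample rows, digests and example.org are assumptions.

```python
import json

# Constructed sample rows in the CDX JSON layout (output=json); digests are placeholders.
SAMPLE_CDX = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["org,example)/", "20050312081500", "http://example.org/", "text/html", "200", "AAAA1111", "5120"],
    ["org,example)/", "20050901120000", "http://example.org/", "text/html", "200", "AAAA1111", "5120"],
    ["org,example)/", "20120704093000", "http://example.org/", "text/html", "200", "BBBB2222", "18432"],
    ["org,example)/", "20120705093000", "http://example.org/", "text/html", "301", "CCCC3333", "310"],
    ["org,example)/", "20230115170000", "https://example.org/", "text/html", "200", "DDDD4444", "40210"],
])

def parse_cdx(text):
    """Turn the CDX JSON array into a list of dicts keyed by the header row."""
    rows = json.loads(text)
    if not rows:
        return []
    header, *data = rows
    return [dict(zip(header, row)) for row in data]

def snapshot_url(rec):
    """Build the Wayback Machine URL that displays one capture."""
    return f"https://web.archive.org/web/{rec['timestamp']}/{rec['original']}"

def content_changes(records):
    """Keep successful captures whose digest differs from the previous kept one."""
    changes, last_digest = [], None
    for rec in sorted(records, key=lambda r: r["timestamp"]):
        if rec["statuscode"] != "200":
            continue  # redirects and errors are not page content
        if rec["digest"] != last_digest:
            changes.append(rec)
            last_digest = rec["digest"]
    return changes

def captures_per_year(records):
    """Count captures per calendar year (first four digits of the timestamp)."""
    counts = {}
    for rec in records:
        year = rec["timestamp"][:4]
        counts[year] = counts.get(year, 0) + 1
    return dict(sorted(counts.items()))

if __name__ == "__main__":
    records = parse_cdx(SAMPLE_CDX)
    for rec in content_changes(records):
        print(rec["timestamp"], snapshot_url(rec))
    print(captures_per_year(records))
```

The first entry returned by content_changes is the oldest usable snapshot; each later entry marks a capture worth comparing against the one before it.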
Activity: Internet Archive Reconnaissance
Choose a well-known website that you’re interested in investigating. It could be a news website, a social media platform, or any other site that you’re curious about.
Use the Internet Archive to search for the website’s URL and see what versions of the site are available. Look for the oldest snapshot of the website that’s available in the archive.
Once you’ve found an older version of the website, compare it to the current version. What’s different? Are there any new features or changes in the site’s design? Are there any old features that have been removed?
Try to identify the reasons for any changes that you’ve observed. Did the website need to update its design to keep up with current trends? Did it add new features to improve the user experience? Did it remove features that were no longer popular or useful?
Finally, consider the implications of these changes for the website’s users. Are the changes positive or negative? Do they make the site more or less user-friendly? Do they reflect changes in the broader industry or online culture?
Google Hacking
Google hacking is a way of using Google search to find information that’s not usually visible on websites. It’s like being a detective and using Google to uncover secrets that people didn’t mean to share.
For example, if you wanted to find all the PDF files related to a particular topic, you could use a Google search query like this: “filetype:pdf topic name”. This will show you all the PDF files related to the topic, even if they’re not linked to directly on any website.
Another example of Google hacking is to find websites that are vulnerable to hacking. By using a search query like “inurl:admin login”, you can find websites that have an “admin login” page that might be easy to exploit.
Google hacking can also be used to find sensitive information that should not be publicly available, like passwords or credit card numbers. However, it’s important to use these techniques ethically and legally, and never use them to do anything illegal or harm anyone’s privacy.
Overall, Google hacking is a powerful tool for finding information online, but it’s important to use it responsibly and with caution.
Nmap
Nmap is a popular tool used by cybersecurity professionals for network exploration, management, and security auditing. It allows you to discover hosts and services on a computer network, identify vulnerabilities, and perform various security checks. Here are some examples of Nmap commands with explanations:
- Basic Scan: The most basic Nmap command is simply to scan a host or a range of IP addresses. To scan a single host, simply enter the command “nmap [host IP address]”. For example, “nmap 192.168.1.1”. To scan a range of IP addresses, use the command “nmap [IP address range]”. For example, “nmap 192.168.1.1-255” will scan the addresses 192.168.1.1 through 192.168.1.255, which covers the hosts on the 192.168.1.0/24 subnet.
- Port Scanning: Nmap can also be used to scan for open ports on a host or network. Use the “-p” option followed by the port number or range of port numbers to scan. For example, “nmap -p 80 192.168.1.1” will scan for port 80 on the host with IP address 192.168.1.1. “nmap -p 1-1000 192.168.1.1” will scan for ports 1 to 1000 on the same host.
- Operating System Detection: Nmap can also be used to detect the operating system running on a host. Use the “-O” option to enable operating system detection. For example, “nmap -O 192.168.1.1” will attempt to detect the operating system running on the host with IP address 192.168.1.1.
- Service Version Detection: Nmap can also be used to detect the versions of services running on a host. Use the “-sV” option to enable service version detection. For example, “nmap -sV 192.168.1.1” will attempt to detect the version of services running on the host with IP address 192.168.1.1.
- Aggressive Scan: The “-A” option enables an aggressive scan, which combines various Nmap scanning techniques to provide a comprehensive analysis of a host or network. For example, “nmap -A 192.168.1.1” will perform an aggressive scan on the host with IP address 192.168.1.1.
- Output to a file: Nmap can output its results to a file using the “-oN” option (normal output) followed by the file name. For example, “nmap -oN scan_results.txt 192.168.1.1” will save the results of the scan to a file named “scan_results.txt”.
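A saved scan of your own network is most useful when it is compared with what each host is supposed to expose. The following is an added example, not part of the original lesson: it parses Nmap normal output (the format written by “-oN”) and reports open ports that are missing from an allow-list, plus expected ports that are not open. The scan text, host names and baseline are constructed assumptions.

```python
import re

# Constructed sample of Nmap normal output (-oN) for two lab hosts.
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -oN scan_results.txt 192.168.1.1 192.168.1.20
Nmap scan report for router.lan (192.168.1.1)
Host is up (0.0020s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  filtered https
8080/tcp open     http-proxy

Nmap scan report for 192.168.1.20
Host is up (0.0031s latency).
PORT     STATE SERVICE
22/tcp   open  ssh
3389/tcp open  ms-wbt-server
# Nmap done: 2 IP addresses (2 hosts up) scanned in 1.52 seconds
"""

# Hypothetical allow-list: the ports each host is supposed to expose.
BASELINE = {"192.168.1.1": {(22, "tcp"), (80, "tcp"), (443, "tcp")}}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_normal_output(text):
    """Return {host_ip: {(port, proto): (state, service)}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Last token is the IP, wrapped in parentheses when a name resolved.
            current = hosts.setdefault(line.split()[-1].strip("()"), {})
        elif current is not None and (m := PORT_LINE.match(line)):
            port, proto, state, service = m.groups()
            current[(int(port), proto)] = (state, service)
    return hosts

def compare_to_baseline(scan, baseline):
    """Return (unexpected_open, expected_not_open) as sorted lists."""
    unexpected, missing = [], []
    for host, ports in scan.items():
        allowed = baseline.get(host, set())  # unknown host: nothing is allowed
        open_now = {key for key, (state, _) in ports.items() if state == "open"}
        unexpected += [(host, p, proto, ports[(p, proto)][1]) for p, proto in open_now - allowed]
        missing += [(host, p, proto) for p, proto in allowed - open_now]
    return sorted(unexpected), sorted(missing)
```

A host that appears in the scan but not in the baseline has every open port reported, which is how an unplanned device on the network shows up.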