Introduction
Wondering how hackers manage to get people's data? Are you a security professional who wants to protect your organization from cyber attack or just an individual who wants to be safe from cyber attacks? Well, this article is for you.
What is reconnaissance?
Reconnaissance (Recon) refers to the process of gathering information about a potential target. It is divided into two main categories: passive recon and active recon.
Passive recon: In this process, there is no engagement with the target. One relies on public resources, such as social media accounts, to gather information.
Active recon: The person gathering information engages with the target. This can be through one-on-one communication such as phone calls, or even by using devices belonging to the target company.
This article will focus on passive recon.
Prerequisites
To follow along and understand the concepts here, you will need a basic understanding of the Linux operating system and some networking basics.
Tools used for passive recon
whois: This command gives us information about a domain, such as when it was registered and when it was last updated. An attacker can use details found here, such as a company email address, to craft phishing emails. Open your terminal and type whois followed by the domain name.
Example:
```
root@99a8ec2bac69:/# whois apple.com
Domain Name: APPLE.COM
Registry Domain ID: 1225976_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.comlaude.com
Registrar URL: http://www.comlaude.com
Updated Date: 2023-08-28T18:33:11Z
Creation Date: 1987-02-19T05:00:00Z
Registry Expiry Date: 2025-02-20T05:00:00Z
Registrar: Nom-iq Ltd. dba COM LAUDE
Registrar IANA ID: 470
Registrar Abuse Contact Email: abuse@comlaude.com
Registrar Abuse Contact Phone: +442074218250
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: A.NS.APPLE.COM
Name Server: B.NS.APPLE.COM
Name Server: C.NS.APPLE.COM
Name Server: D.NS.APPLE.COM
```
nslookup: This is used to query the Domain Name System (DNS). It shows us the IP addresses for a given domain and related records such as the mail servers.
When an attacker spots a vulnerability in any of those addresses, he or she might use it to launch an attack.
To get the IP addresses, type nslookup followed by the domain name. To get more information, such as the mail servers used, nslookup takes an additional argument, OPTION.
Syntax: nslookup OPTION [domain name]. In our example, **-type=MX** is the option for getting the mail servers.
Example:
```
root@99a8ec2bac69:/# nslookup apple.com
Server: 10.251.0.2
Address: 10.251.0.2#53
Non-authoritative answer:
Name: apple.com
Address: 17.253.144.10
Name: apple.com
Address: 2620:149:af0::10
root@99a8ec2bac69:/# nslookup -type=MX apple.com
Server: 10.251.0.2
Address: 10.251.0.2#53
Non-authoritative answer:
apple.com mail exchanger = 20 mx-in-hfd.apple.com.
apple.com mail exchanger = 20 mx-in-vib.apple.com.
apple.com mail exchanger = 10 mx-in.g.apple.com.
apple.com mail exchanger = 20 mx-in-mdn.apple.com.
apple.com mail exchanger = 20 mx-in-rno.apple.com.
```
DNSdumpster: Apart from the command line tools, there are online tools one can use to get information about a target. DNSdumpster is an online tool that gives more information about a domain, such as subdomains, IP addresses and even a graphical representation of how each IP address relates to the others. To use it, open your browser, navigate to the DNSdumpster website and type your domain name in the search bar.
Conclusion
We have reached the end of today's learning, but this does not mean you should stop here. To gain more skills in this field you will need more practice, and you should also explore the other available tools. See you soon, Adios!!