RECONNAISSANCE & ENUMERATION

Slides:



Advertisements
Similar presentations
Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.
Advertisements

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
System Security Scanning and Discovery Chapter 14.
IS 247 Introduction to Web Application Development Tim Wu.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
Client Server and Protocols. Servers and Clients 4 A “server” is just a computer running a piece of software that provides resources to clients 4 A client.
Implementing Application Protocols. Overview An application protocol facilitates communication between applications. For example, an client uses.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
Telnet/SSH: Connecting to Hosts Internet Technology1.
Forensic and Investigative Accounting
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols.
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
Hour 7 The Application Layer 1. What Is the Application Layer? The Application layer is the top layer in TCP/IP's protocol suite Some of the components.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
Proxy Servers.
CHAPTER 9 Sniffing.
Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Backdoors and Rootkits.
Protocols COM211 Communications and Networks CDA College Olga Pelekanou
CTC228 Nov Today... Catching up with group projects URLs and DNS Nmap Review for Test.
Unix network Services. Configuring a network interface In Unix there are essentially two commands that are used to enable TCP/IP. ifconfig route.
CSI 3125, Preliminaries, page 1 Networking. CSI 3125, Preliminaries, page 2 Networking A network represents interconnection of computers that is capable.
Footprinting and Scanning
Protocols Monil Adhikari. Agenda Introduction Port Numbers Non Secure Protocols FTP HTTP Telnet POP3, SMTP Secure Protocols HTTPS.
Footprinting/Scanning/ Enumeration Lesson 9. Footprinting External attack: Enables attackers to create a profile of an organization’s security posture.
Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.
 Terms:  “Security”: is a system’s ability to provide services while maintaining the five IA pillars  “Attack”: an action that violates one of the.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
NAT、DHCP、Firewall、FTP、Proxy
Application Layer Functionality and Protocols
Chapter 7: Using Network Clients
Instructor Materials Chapter 5 Providing Network Services
Introduction to Network Scanning
FIREWALL configuration in linux
Footprinting and Scanning
The Linux Operating System
Project 1 Simple Socket Client.
Chris D Hicks Director of IT MCSE, MCP + Internet Security
Network Wiring and Reference
Unit 4: Transport protocols
Some bits on how it works
Metasploit a one-stop hack shop
Simple Socket Client Project 1.
Working at a Small-to-Medium Business or ISP – Chapter 7
Footprinting and Scanning
Working at a Small-to-Medium Business or ISP – Chapter 7
Week 5.
Working at a Small-to-Medium Business or ISP – Chapter 7
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
Simple Socket Client Project 1.
Passive Research Section 2 11/29/2018.
OPS235: Configuring a Network Using Virtual Machines – Part 2
Web Application Penetration Testing ‘17
Firewalls Jiang Long Spring 2002.
The Client Server Model
Internet Protocols IP: Internet Protocol
Firewalls Chapter 8.
The Client Server Model
APACHE WEB SERVER.
Computer Networks Protocols
EVAPI - Enumeration Auburn Hacking club
MESSAGE ACCESS AGENT: POP AND IMAP
Presentation transcript:

RECONNAISSANCE & ENUMERATION WEEK 2 RECONNAISSANCE & ENUMERATION

Admin Buy yourself an official DISC hoodie for only $30! https://dischoodies.getqpay.com/ Register for the CySCA competition https://docs.google.com/forms/d/e/1FAIpQLSfQ4zclfAckaCJ6I4NzOHhHuQfCi CZ3GPJoIq8MjrKG61FIkA/viewform New to CTF’s? Have a go at angstromCTF. It’s a beginner friendly ctf at a highschool level. Check out #ctfs on Slack Interested in Locksport? Join the Locksport Slack channel locksport.slack.com

Don’t miss out on CySCA!

Pre-reading/assumed knowledge Have a Kali Virtual Machine setup on your computer https://www.deakininfosec.com.au/blog/getting-started Understand the TCP/IP Model http://www.omnisecu.com/tcpip/tcpip-model.php Familiarize yourself with the Linux console https://linuxjourney.com/lesson/the-shell https://overthewire.org/wargames/bandit/

Using Linux https://highon.coffee/blog/linux-commands-cheat-sheet/ If you’re unsure about a command or how to use it, it’s as simple as typing: For a little help <command> -h <command> --help For mucho information: man <command>

Common Ports and Protocols Port 20/21: FTP FTP clients connect to port 21 on remote FTP servers to initiate file transfer operations. FTP servers run default on port 21, however like many other services, the listening port(s) can be customized to make it harder to find for an attacker. Port 23: Telnet A machine offering Telnet services is essentially offering to accept an "across the Internet" remote console terminal connection from any client device. This makes Telnet quite powerful and, without proper security, a significant security concern. An open telnet port is a massive vulnerability since it is not able to use public-key encryption like SSH. Port 22: SSH Secure shell remote login protocol provides a secure, encrypted channel to operate network services.

Common Protocols Port 80/443: HTTP/HTTPS GET - “Give me this webpage” HEAD - “Give me the page’s Headers” Headers are {key: value} pairs that define operating parameters POST - “Take this data that I’m sending you” Multiple tools that can be used to send/receive HTTP requests Burpsuite - GUI tool that can do everything web-related Netcat - Send custom raw data to any sockets cURL - Send custom HTTP requests

Passive Enumeration

OSINT (Open-Source Intelligence) Whois A browser based query and response tool that searches a domain name's publicly available registration and delegation details across the various public WHOIS databases. Dig (Domain information groper) Netcraft https://searchdns.netcraft.com/

Email Harvesting theharvester haveibeenpwned.com recon-ng Kali tool that scrapes the web for juicy emails. haveibeenpwned.com Lookup emails to see if they are contained in any major data breaches. recon-ng

Google Dorking The art of using the incredible hacking tool sometimes referred to as ‘Google’. At its simplest, searching web pages indexed by Google for information that may uncover vulnerabilities or lead to further compromise. https://www.sans.org/security-resources/GoogleCheatSheet.pdf https://www.exploit-db.com/google-hacking-database/

Other tools: Bettercap A powerful, modular, portable MiTM framework that allows you to perform various types of Man-In-The-Middle attacks against the network. It can also help to manipulate HTTP and HTTPS traffic in real-time

Other tools: Wireshark An open source network packet analyser (sniffer) Used to profile network traffic

Active Enumeration

NMap The go-to network security scanner Reference guide - https://highon.coffee/blog/nmap-cheat-sheet/ Host identification Port enumeration Enumerating services Powerful scripts The famous-test tool of all - https://nmap.org/movies/

Netcat Listening: nc -l -p port [-options] [hostname] [port] Connecting: nc [-options] hostname port[s] [ports] https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

TCP/UDP Shells Reverse shell/Bind shell: Bind Shell - Shell sits on target and listens for incoming connections Reverse Shell - An open port on your machine listens for incoming connections from the target. Firewall rules are generally tighter on incoming connections, and allow more outgoing connections. https://highon.coffee/blog/reverse-shell-cheat-sheet/

Banner Grabbing telnet netcat nmap -sV --script=banner <target>

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.