RECONNAISSANCE & ENUMERATION


1 RECONNAISSANCE & ENUMERATION
WEEK 2 RECONNAISSANCE & ENUMERATION

2 Admin
Buy yourself an official DISC hoodie for only $30!
Register for the CySCA competition CZ3GPJoIq8MjrKG61FIkA/viewform
New to CTFs? Have a go at angstromCTF. It's a beginner-friendly CTF at a high-school level.
Check out #ctfs on Slack
Interested in Locksport? Join the Locksport Slack channel locksport.slack.com

3 Don’t miss out on CySCA!

4 Pre-reading/assumed knowledge
Have a Kali virtual machine set up on your computer
Understand the TCP/IP model
Familiarize yourself with the Linux console

5 Using Linux
https://highon.coffee/blog/linux-commands-cheat-sheet/
If you're unsure about a command or how to use it, it's as simple as typing:
For a little help:
<command> -h
<command> --help
For mucho information:
man <command>

6 Common Ports and Protocols
Port 20/21: FTP
FTP clients connect to port 21 on remote FTP servers to initiate file transfer operations. FTP servers listen on port 21 by default; however, as with many other services, the listening port(s) can be changed to make the service harder for an attacker to find.
Port 23: Telnet
A machine offering Telnet services is essentially offering to accept an "across the Internet" remote console terminal connection from any client device. This makes Telnet quite powerful and, without proper security, a significant security concern. An open Telnet port is a massive vulnerability because, unlike SSH, Telnet cannot use public-key encryption.
Port 22: SSH
The Secure Shell remote login protocol provides a secure, encrypted channel to operate network services.

7 Common Protocols
Port 80/443: HTTP/HTTPS
GET - "Give me this webpage"
HEAD - "Give me the page's headers". Headers are {key: value} pairs that define operating parameters.
POST - "Take this data that I'm sending you"
Multiple tools can be used to send and receive HTTP requests:
Burp Suite - GUI tool that can do everything web-related
Netcat - Send custom raw data to any socket
cURL - Send custom HTTP requests
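
A defender's view of the port list on slides 6 and 7, as an added example that is not part of the original slides: the script parses `ss -tlnH` output from a host you administer and flags which of the listed services are offered in cleartext and whether they are bound beyond loopback. The sample output is constructed, and port 2121 is a made-up stand-in for a service moved off its default port.

```python
import ipaddress

# Ports named on the slides; cleartext vs encrypted is standard protocol behaviour.
SERVICES = {21: ("FTP", False), 22: ("SSH", True), 23: ("Telnet", False),
            80: ("HTTP", False), 443: ("HTTPS", True)}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      32           0.0.0.0:2121      0.0.0.0:*
LISTEN 0      5          127.0.0.1:23        0.0.0.0:*
LISTEN 0      511                *:80              *:*
LISTEN 0      128             [::]:443          [::]:*
LISTEN 0      64      192.168.1.10:21        0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' field; handles [v6]:port, *:port, addr%iface."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]
    return addr, int(port)

def is_loopback(addr):
    # '*' means every address of every family, so it is never loopback-only.
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return (port, service, bind address, finding) for each listening socket."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if "LISTEN" not in fields[:2]:
            continue
        # The local address sits three columns after State (a Netid column may precede it).
        addr, port = split_local(fields[fields.index("LISTEN") + 3])
        name, encrypted = SERVICES.get(port, ("unknown", None))
        if encrypted is None:
            finding = "non-standard port: identify the service"
        elif encrypted:
            finding = "encrypted"
        elif is_loopback(addr):
            finding = "cleartext, loopback only"
        else:
            finding = "cleartext, network-reachable"
        rows.append((port, name, addr, finding))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_SS):
        print(row)
```

The 2121 row shows why a port number alone is not enough: a service moved off its default port still has to be identified, for example by its banner, before it can be classified.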

8 Passive Enumeration

9 OSINT (Open-Source Intelligence)
Whois
A browser-based query and response tool that searches a domain name's publicly available registration and delegation details across the various public WHOIS databases.
Dig (Domain information groper)
Netcraft

10 Email Harvesting
theharvester
Kali tool that scrapes the web for juicy emails.
haveibeenpwned.com
Look up emails to see if they are contained in any major data breaches.
recon-ng

11 Google Dorking
The art of using the incredible hacking tool sometimes referred to as 'Google'. At its simplest, it means searching web pages indexed by Google for information that may uncover vulnerabilities or lead to further compromise.

12 Other tools: Bettercap
A powerful, modular, portable MiTM framework that allows you to perform various types of Man-In-The-Middle attacks against the network. It can also help to manipulate HTTP and HTTPS traffic in real time.

13 Other tools: Wireshark
An open-source network packet analyser (sniffer)
Used to profile network traffic

14 Active Enumeration

15 NMap
The go-to network security scanner
Reference guide -
Host identification
Port enumeration
Enumerating services
Powerful scripts
The famous-test tool of all -

16 Netcat
Listening: nc -l -p port [-options] [hostname] [port]
Connecting: nc [-options] hostname port[s] [ports]

17 TCP/UDP Shells
Reverse shell/Bind shell:
Bind Shell - Shell sits on target and listens for incoming connections.
Reverse Shell - An open port on your machine listens for incoming connections from the target.
Firewall rules are generally tighter on incoming connections, and allow more outgoing connections.

18 Banner Grabbing
telnet
netcat
nmap -sV --script=banner <target>

