Temple University

Week 3 Summary

Open Source Recon Tools:

Conducting active recon without permission from the company would be considered illegal. Only passive forms of recon, such as open source information or social engineering, are considered legal to do without permission. Any piece of information, whether available to the public or not, can help an attacker piece together the puzzle that gives them enough information to decide how to exploit systems. Google hacking will be sensed by Google, which makes one enter a CAPTCHA code to prove one is not a bot, since Google hacking is considered malicious. One must also be very careful when conducting a port scan, since intense scans can take up a lot of bandwidth on the network and may crash services and disrupt daily operations. Some ways of recon include DNS zone transfers, port scans via Google searches, searching archived versions of websites, Netcraft, and then looking up website or company vulnerabilities on the CVE list.

Art of Recon:

The first step of recon would be to perform a DNS zone transfer, or DNS enumeration, of the target to discover any possible IP addresses for servers, computers, or websites. DNS enumeration can also turn server or computer names into IP addresses, and retrieving the contents of DNS servers unlocks this treasure trove. You can check whether hosts are active and live with a ping sweep, although these are unreliable because firewalls may block ICMP. A noisier way to check for live hosts is a full TCP scan. Fingerprinting allows one to discover what operating system the target is running, which is important when selecting further enumeration, vulnerability scanning, or exploits. Port scanning allows one to see what services are running, which doors are open, and whether any versions of those services have vulnerabilities or missing patches. Options in hping3 or nmap can make a scan quieter or mask your IP address during a port scan.
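The ping sweeps and full TCP scans described above are noisy from the defender's side, and that noise is what makes them detectable. As an added example (not code from the original post), the script below reads constructed firewall-style connection log lines and flags a source that sends ICMP echo to many hosts (ping sweep) or probes many distinct ports on one host (port scan); the log format, field names and thresholds are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample of firewall connection logs (not from the original post).
# Assumed format: ISO timestamp, src, dst, proto, then dport (tcp) or type (icmp).
SAMPLE_LOG = """\
2015-09-10T12:00:01 src=10.0.0.5 dst=10.0.0.20 proto=icmp type=8
2015-09-10T12:00:01 src=10.0.0.5 dst=10.0.0.21 proto=icmp type=8
2015-09-10T12:00:01 src=10.0.0.5 dst=10.0.0.22 proto=icmp type=8
2015-09-10T12:00:02 src=10.0.0.5 dst=10.0.0.23 proto=icmp type=8
2015-09-10T12:00:05 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=22 flags=S
2015-09-10T12:00:05 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=80 flags=S
2015-09-10T12:00:05 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=443 flags=S
2015-09-10T12:00:06 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=3306 flags=S
2015-09-10T12:00:06 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=8080 flags=S
2015-09-10T12:00:09 src=10.0.0.9 dst=10.0.0.20 proto=tcp dport=443 flags=S
2015-09-10T12:00:10 src=10.0.0.9 dst=10.0.0.20 proto=tcp dport=443 flags=S
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+)(?: dport=(\d+))?(?: type=(\d+))?")

def find_recon(log_text, port_threshold=5, host_threshold=3):
    """Return {src: set(labels)} for sources whose traffic looks like a ping sweep
    (ICMP echo requests to many hosts) or a port scan (many distinct ports on one
    host). The thresholds are illustrative, not tuned production values."""
    icmp_targets = defaultdict(set)                    # src -> hosts sent ICMP echo
    tcp_ports = defaultdict(lambda: defaultdict(set))  # src -> dst -> ports touched
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        src, dst, proto, dport, icmp_type = m.groups()
        if proto == "icmp" and icmp_type == "8":       # type 8 = echo request
            icmp_targets[src].add(dst)
        elif proto == "tcp" and dport:
            tcp_ports[src][dst].add(int(dport))
    findings = defaultdict(set)
    for src, hosts in icmp_targets.items():
        if len(hosts) >= host_threshold:
            findings[src].add("ping_sweep")
    for src, by_dst in tcp_ports.items():
        if any(len(ports) >= port_threshold for ports in by_dst.values()):
            findings[src].add("port_scan")
    return dict(findings)

if __name__ == "__main__":
    for src, labels in find_recon(SAMPLE_LOG).items():
        print(src, sorted(labels))
```

Repeated connections from 10.0.0.9 to a single port are not flagged, which is the distinction a detection rule should make between normal clients and a scanner.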

News Article:

http://www.wired.com/2015/08/uber-hires-hackers-wirelessly-hijacked-jeep/

Uber hires two hackers who were able to hack into cars. They will be helping to prevent future cars from getting attacked and penetrated.

Question for the class:

What are some NSE scripts that can be used with Nmap to help it act as a useful vulnerability scanner?
